Apple insisted that iTunes servers were not compromised. Reed—an experienced e-commerce developer known for his work with Threadless—told Ars that he is convinced there is a more serious security problem that Apple isn’t sharing.
Reed’s password, a string of random alphanumeric characters, isn’t easy to guess, though it is possible that it could be determined by brute force.
So, yay, nobody’s safe and, one way or another, the iTunes Store servers are hacked (which isn’t a surprise considering how incompetent we know Apple to be at anything server-based).
But removing your credit card info from the Store and using gift cards is so inconvenient!