Insanely stupid Amazon and Apple standard practices mean Apple gives away the password to any .me email account, to anyone who calls in.

Which gives the caller the ability to remotely wipe any of your Apple devices, and, in this case, because the author trusted Apple as the backup of his Google account and assumed that would be good enough, also compromised his Google account, his Twitter account, and everything else.