I find it very curious that in every case described here (as well as in my case that I was just alerted about) the access is from an iPhone. I think there is something else going on here, not account compromises, at least not in the form of your password being determined. I mean what are the chances that every single person whos had their account compromised has been accessed by an iPhone?