Depends on how it happened. I don't really pay attention to the iOS ecosystem, but apparently there was some sort of vulnerability with Apple IDs or something.
Discussion
If it's not related to the Apple ID thing, then it could be traditional credential stuffing, meaning that the same password / email got reused on another website that got leaked.
2FA is probably the best stopper to problems like this, especially credential stuffing, but if it was a more in-depth hack, then maybe two-factor wouldn't help. It seriously just depends on how this occurred.