Amazon has a history of employees within the company leaking large sets of customer data, or using their internal access to target vulnerabilities in customer AWS setups. As far as I know they haven’t had any breaches by non-employees, but major internal data use issues are still security problems.

Apple only has if you count exploits that allow for hacking Macbooks and Iphones as far as I know (and I wouldn’t count that personally).

> using their internal access to target vulnerabilities in customer AWS setups

citation needed

I assume they're misunderstanding/misrepresenting the CapitalOne breach.

iCloud has been hacked more than once hasn’t it?

If by hacked you mean high profile users/public figures without two factor enabled and using passwords that could be guessed by just browsing their social media footprint... then sure, they were "hacked"

I believe they were phished.

I don't think there was a technical vulnerability , my understanding was there some social engineering and poor security defaults that led to some high profile accounts being compromised.

It was a technical problem. They didn’t throttle password guesses.

Yes poor design from Apple, However if your account had a long random passphrase and not something from your life[1] would it then have not been possible to compromise right ?

I mean if users followed best practices it won't have been possible [2]

---

[1] which could be known more easily than if you are a celebrity

[2] Not trying to defend Apple here or absolve them of responsibility, but trying to differentiate a product hack (design choice and social engineering) from a pure technical compromise like a RCE or speculative execution which is developer purview and more interesting.