According to some of the news accounts (which included screencaps before the public free release) they were attempting to sell them (conflicting accounts if they wanted bitcoin or paypal transactions).
And the theory is that it was a group effort not a single hacker.
Wired had an article (Wired is not permitted on FR by request of the publisher) about the software that was used to crunch the passwords. Seems it is intended for use by government/law enforcement agencies.
Ultimately some blame does fall on Apple for not flagging repeated failed efforts to brute force break a login password. I’ve got accounts that won’t let me easily log in even if I get the name and password correct but I am using a different ISP or computer.
Internally they do. That's how Apple knows that IBrute was not the modality of attack through FindMyiPhone. There simply were no brute force attacks on passwords on those accounts.
Apple doesn't bother users with extraneous data about failed attempts that would cause them worry. It's all about user experience for Apple and worry is not a good experience. GRIN.