Here's a bit of good news for folks concerned about the recent Apple App Store hack attack. Apparently, despite the dire nature of the data breach, users' iCloud passwords were not compromised. In fact, according to the latest reports, Apple is contacted customers if you if you have installed apps which were compromised by the XcodeGhost malware.
The most important thing is that the malicious code could NOT have stolen critical personal information like your Apple ID credentials. Furthermore, Apple has already purged the infected apps from the App Store, so they are reassuring folks that it is now safe to download apps. For more info, check out Apple's support page FAQ comments here: 有关 XcodeGhost 的问题和解答 - Apple (中国)