Yep that part should be fine, i'm just shocked how someone can actually hack into my iTunes account and then change it to their own. Its almost like someone broke into your home and changed the locks so you can't even get in let alone see what damage has been done.
Did Apple refund you on any credit that was used?
One of the biggest issues with utilizing the Internet is security. It shouldn't be a shock to you that someone could hack you. Anything can be hacked. All that is needed is motivation, resources, tools, and a bit of knowledge.
Security is all about layers. If all a person has is a password protecting their personal information then it's easy to whip up a password cracker. If they happen to be savvy and create an uncrackable password then that's nothing a little social engineering can't fix.
Someone suggested implementing 2-step verification. I would take that advice. You should also think about having a secure no log VPN service that you can activate any time you are putting information such as user account details, credit card information, and security questions.
Keep all of the web browsers you use updated so any vulnerabilities can be patched up.
Be careful with your email. Don't click any links that you do not trust.
Hope this experience has helped to solidify the seriousness of putting security as a priority.