If you use Readdle's Spark email app with your iCloud account, and have received a notice about your account being locked due to suspicious login attempts in the past day or so, your account might not actually be under attack. Readdle says that the issue may have been caused by its server upgrade activity. The company is currently working with Apple to gather further details.
In a post on Reddit, Readdle let customers know about the potential issue:
Thank you for the feedback and comments! Our team has been investigating this for a few hours.
What we know so far: 1. There's no breach or data leak according to our investigation. 2. The new, faster AWS server logic might have triggered iCloud security algos. We are already working with Apple to learn more details.
We are doing some server side work to make Spark much faster, and to make it ready for the Mac version , which is already in Alpha. We will keep you updated once we have more news from Apple side.
Be aware that even if this turns out to be the issue, it's still a good idea to make sure your taking advantage of best security practices. Make sure you're using two-step or two-factor authentication with your Apple ID, along with app-specific passwords for third-party apps. Additionally, make sure your using a strong, unique password.