Doesn't even need to have an internet connection. If you run a wireless router can it could be done anywhere within wireless range.
Home pcs tend to be less secure than corporate machines for obvious reasons. But there's more to harvest from corporate servers than doing home machines unless you have a specific home IP address to target (for this type of thing anyway).
My personal (guess) is. IF? This is an iCloud breach, it's been done originally and internally over a long period of time by an apple employee.