It is only possible if you know your iCloud username and password.

Now the reason why the attacker was able to remote wipe is because he had the iCloud username and the newly generated password.