I also find it very interesting that the attacker is able to aggregate the e-mail addresses from different [database] sources. Doesn't this mean he has direct access to multiple bitcoin-related databases or at least some indirect way to extract e-mail addresses from the databases?