His blockchain.info alias matches his forum name, and it has no 2-factor authentication.  Attacker grabs the wallet and performs an offline brute force attack.  Guessing the password wasn't very good either.