I'd guess his mail account got compromised. It's simply the biggest hole you can get through. I guess it's futile to discuss what is 'probable' because why would someone do something improbable - because it is improbable. Circular logic, we'll have to wait and see...