BTW, did you had a common password used on all this platform ?
That was my first thought, but then I realized they wouldn't need to know the password on the exchange sites if they controlled his email.Yes, his email could get access to most of his linked accounts very easily even without knowing the password. Hacker has done the same with his bitcointalk account.
But, I am inclined to think, he should have linked some mobile number with his email from which I think the email could be recovered and than recover the rest. Just like reversing what the hacker did !
@kenzawak, did you had any phone number linked with your email ?