I really wonder how they got in there
Someone could have just been brute forcing the email for the past 5 years. Although if it were that you think the provider would have noticed by now. I can only imagine how many failed attempts it would take for a decent password.
I guess we will just have to enjoy the popcorn and see if he reveals the attack vector.
Since bitcoin has became really valuable problaby a lot of hackers have been triying to bruteforce all known Satoshi accounts for the past years .