His password was unchanged from the smf fiasco last month, so it's not a very far fetched scenario to assume whoever got his account has access to some sort of pastebin of all the old passwords from that, or alternatively he knows someone who has them. Change your passwords if you haven't since the forum update because datiel probably won't be the last account to get hijacked if my assumptions are correct.