It looks like they hacked some passwords of employees.
—
You’d think companies with this sort of proprietary info would have 2-factor auth.