The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”.
It’s rather surprising just how bad the international elite’s security measures are. If you keep it in plaintext on a server, someone can steal it with a targeted attack. They should be using something that keeps no plaintext except on the endpoints, and use cheap dedicated laptops for the secure endpoints.