Here’s the email he got that resulted in the hack. Notice how it (a) looks very real and (b) it adds a sense of urgency because you’re worried you may have already been hacked.
Also notice that the email is from [email protected]. This is a really really good phishing email because it seems legitimate. The domain is a .com and short enough that it looks real.
Remember: if you’re getting an email from Twitter or Microsoft, make sure that the domain is twitter.com or microsoft.com. Better yet, try going to the domain to see if it looks real. The email looks very good but these hackers didn’t take the time to make a landing page at x-notify.com.