I am in the belief that the account password was either too weak, or was used elsewhere and compromised there.
Or might be something else.
A common attack on web based accounts is using a technique called session hijacking, whereby the steal the so called "magic cookie" responsible for authentication between the server and the client and use it to gain access to the target system. Hackers aren't stealing your password as such, they're stealing the response your computer generates and sneaking in using it in a form of impersonation. If you've ever logged onto Facebook or GMail to a warning that someone in some remote location has logged onto your account etc, the likelyhood is they've used this method. This is what causes confusion when people have strong passwords/not used anywhere else etc. If you've ticked that box to say "keep me logged in" on whatever, you're far more open to this kind of compromise.
Which leads us down to the recent attacks on XIV accounts- something getting much worse as time goes on judging by the amount of selling tells I get from "legit" player instead of facerolls. XIV uses a form of web-based authentication from what I've seen (granted, I've not looked in detail yet. Maybe I should...) and potentially
is susceptable to a session hijacking much like described above.
Could it be we're seeing accounts compromised via methods outside the old trojan horse keylogging methods?
To endanger the soul endangers all,
when the soul is endangered it must become a Warrior.