entirely done through social engineering or outright having someone helping them on the inside. My guess is they got some trojans installed on an employee with some restricted access and passwords and then went from there. Hacks of vulnerabilities usually result in database breaches and it doesn't sound like that is what happened here. A lot of FTP servers and email access.