The account was allegedly breached through the Google Chrome extension Aggr, which saves cookie login information. Source link