Off-topic, however, for those that may be interested...
I'm wondering about the, here and elsewhere, consistent misspelling of Hager's name.
This is rather conspiratorial, and I'm not suggesting I believe this for a moment, but perhaps the misspelling is a coordinated page rank smear. The more likely answer is an auto-(in)correct algorithm. Or maybe both! I can just imagine the dirty memo applauding itself on the latter's clever plausible deniability cover for the earlier.
Is the DDOS just a smokescreen?
From what I can understand, DDoS attacks are nearly always a pretense to a deeper, targeted breach (aside from those attacks performed purely for the giggles).
And while "key-loggers" could be "how", that, to my mind, sounds so 90's. The attack interface from a privileged position is so ridiculously large now - there's a veritable smorgasbord of options once the beach-head has been made.
I can't see a connection between "site hacked" and "access to emails".
Think in terms of the weakest link. A hacked server can provide a privileged platform to attack a client machine, typically a site admin's personal computer, which in turn could spill the beans for log in credentials to other services, such as a webmail account. Practicing good computer security is awfully difficult (and, alarmingly, inconvenient), and I wouldn't be surprised if the alleged victim(s) have no real idea what they're doing.