I know this part or section conflicts with others, the facts/information here applies to this section only and overrides the other information in this section online.
There are three ways the hacker could have done it, one, he got database access; once he has that he can do anything. The second way he could have done it is to find a flaw in the source code programming. Lastly, he could have planted a virus, a very powerful one, in an often used source by people who play this game.
Database access is a likely option, but he would not have had it, perhaps an administrator dump of the accounts once inside would have been enough. This option is favoured and though of to be likely by many people and it is not impossible. The passwords were most likely encrypted in the database, meaning that the hacker would either have to brute force the passwords, if encrypted in hash, or would have to decompile them. Some say that Glacia was not hit, but the truth is that the accounts being used there were around for a long time, every world was hit.
The flaw in the source code programming would have been a likely explanation, it is very easy to bypass pins and a flaw in the source code programming was the cause of the guild hacking last year. It is very possible to send packets that the client doesn’t really want to, such as a packet to disband guild when you are not the leader. These exploits are easy to patch if found.
Planting a virus is a very likely thing, but there are a ton of secure people who have been hacked. Do not be so sure that you have no virus; always scan before answering that question.