On July 5, 2015, Hacking Team’s Twitter account was compromised by an unknown assailant who ended up publishing 400GB of data including alleged e-mails, invoices, and source code of the company. Zero days for Adobe Flash( CVE-2015-5119) which allowed an attacker to open apps on a victims PC through a webpage. Along with that, there was a buffer overflow attack on Adobe open type manager that allowed for privilege escalation to bypass sand-boxing capabilities. There was evidence that Hacking team did business with Sudan and the Lebanese Army, and sold tools to Bahrain and Kazakhstan.
The hacker who claimed responsibility for this attack called themselves Phineas Fisher. They previously attacked a spyware firm named Gamma International. The way he got in was from a zero-day root exploit in an embedded device inside the companies corporate network, after scanning the internal network, he found an exchange email server which he was able to get the password for. How he was able to crack this is a mystery, since the password was P4ssword. From there, he was able to get the passwords of every user in the company in plain text. You can read a more in depth article about it here