Update - after speaking some more with my affected customer I am no longer convinced his password was indeed strong enough.
Maybe passwords were brute-forced after all? silvereagle - just how strong was your password?
Will be happy to hear about any progress in figuring this out.
Alias was very short so may have been hackable. Password was 15 characters long but made up of multiple words that may have been found in dictionary. Possible but permutations to put that many words together would still be extremely high.
Still, imagine that they have downloaded every wallet on Blockchain or at least very many. They can run each password against each wallet in turn, which may make for a viable / profitable attack.