Floodgap was part of this. I just talked to a very helpful person in NetSol's security department and she looked through the ticket. It was initiated by a web chat, and they produced official looking but completely fraudulent documents (photo ID, utility bill, business license, etc.) to prove identity, so this was socially engineered and apparently for multiple domains. They're supposed to contact me tomorrow for more on the post mortem.