The attacker may have known who he was hitting, because the target was a privileged user who had restricted access to sensitive information about security bugs in Mozilla products. Bugzilla is the bug-tracking system used by Mozilla for its various projects, and while much of the information is public, a subset of it is kept private. Specifically, information about security flaws that are in the process of being fixed or evaluated is kept private until a patch is available or the company decides not to fix it.
Mozilla officials say the attacker in this instance may have had access to the victim’s account since September 2013. The earliest confirmed access was in September 2014. Once in the victim’s account, the attacker apparently was able to steal information about a Firefox vulnerability that Mozilla fixed last month, but only after an exploit for it was seen in the wild.