It is not uncommon for hackers to use a method called social engineering, i.e. make their goal through manipulation techniques to provide confidential information such as account details or passwords. In the case of Clorox, who is now being negotiated in court, the attackers did not issue as a trustworthy person or used phishing messages – they simply asked about the company’s password.