I haven't seen the technicals of the hack yet. But it looks like he gave SSH access with a shell account to any hacker who wanted it. With that account, the hacker was able to elevate his privileges.
This is interesting as a local exploit. But I'll believe this as a good server example when it becomes common practice to give shell accounts to hackers.
Every multi-user OS I know has had privilege elevation exploits. They are a common danger. Normally when running a server, all of the service accounts do not have logon privileges (meaning a hacker exploiting a service can't use it to log on), only the local admin accounts do. That restricts the abilities of someone who hacked a service. The hacker is left with trying to exploit the flaws in that service to perform a privilege elevation, which is harder than if they could just log on.