Couldn't he have disabled username/password login and only accessed via SSH? Doesn't that solve the problem?
No, the attacker used social engineering (getting info about the guy) to answer security questions from Vultr. This gave him access not to one container / server but to the guy's entire Vultr web-panel. From there you can get into any box, even in emergencies where you've disabled root login etc, there are recovery consoles.
reply
seems that way
reply