I'm interested to see how it happened. It doesn't look like it was a breach via shell access or anything like that, but there's tons of things you can do with the admin API. It just seems like a Pleroma vulnerability, but a pretty big one. However, we won't really understand or know until the big niggas look in to it.