I’ll throw an allegedly in here; Pastebin has a story written by the fellow who hacked Hacking Team about how it was accomplished.

Lessons learned are, again:

• Change default passwords
• Patch your systems
• Log account and network activity – identify suspicious activity
• Secure your backups
• After sending passwords by email delete the email and change the password
• Use two-factor authentication everywhere possible