"Hacking Team" Hacked - One vulnerability is what was needed

The hack itself was executed using a common weakness: first, an embedded device within the network was found with a known zero-day weakness. From there, the hacker was able to get into an unencrypted backup and find the passwords for a Domain Admin server, which basically gave him the keys to the kingdom.

For more info:
http://gizmodo.com/this-hackers-account-of-how-he-infiltrated-hacking-team-1771504896