It sounds like they got in via a regular account and somehow escalated themselves to root: "how they managed to exploit that to root access is currently unknown and is being investigated."
Simple social engineering of mundane user accounts is not worrisome. Escalating any old user into root is.
After reading the LWN security page for years, I don't consider root escalation as a difficult problem. There seems to be a never ending stream of vulnerabilities. That layer of security is a useful goal but I assume user level access also provides root level access.
I hope this is true, and the access was not gained via some unknown vulnerability.