Generally (based on public domain info) there are two (2) types of individuals that can be allowed to operate in the background on various internet systems or web-sites ... an administration employee, i.e., authorized "admin" ... or a hacker who's broken into the system, web-page, or app ... and thus may have gained unofficial "admin" status ... either way "both" are thus allowed to roam the system or whatever ... a hack has not been implied to have occurred directly ... yet, but nonetheless still might be pending a later look/detection, etc., ...read the full security report + more ... @ ars TECHNICA ... it's a dot com ?!
