Early Sunday morning I was notified by DigitalOcean support that one of my database servers had been shutdown by support because they had received several abuse complaints regarding traffic originating from the machine and they surmised that it had been compromised. Upon inspection of a snapshot of the system I discovered that root access via password was enabled over SSH because of a problem with my automated configuration scripts and that my system had in fact been successfully accessed through that method from an ip address which was not mine (it was actually another of DigitalOcean's ip addresses).......

Link to full article

http://badassrockstartech.com/digitalocean-root-vulnerability-in-the-wild