The only one of my Linux machines that got hacked was hacked in a similar way, except it was a VPS and my mistake was not realising that HyperVM was sneakily resetting my root password to the provider-set default of "changeme" behind my back. (Surprisingly, even then it seems it took several days for anyone to actually brute-force their way in.)
That's why you *never* enable password access on SSH, and certainly never allow remote root logins.
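As an added example (not part of the comments above): a small Python check that reads `sshd_config` text and reports whether password logins or remote root logins remain possible, applying sshd's rules that the first value obtained for a keyword wins and that `Match` blocks override globals. The function name, the sample config and the inclusion of keyboard-interactive authentication (which can carry a password prompt through PAM) are assumptions of this example.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "permitrootlogin": "prohibit-password"}
# Deprecated alias that sshd still accepts.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Values that match the advice above: no password path, no remote root at all.
SAFE = {"passwordauthentication": {"no"},
        "kbdinteractiveauthentication": {"no"},
        "permitrootlogin": {"no"}}

def audit_sshd_config(text):
    """Return (effective global values, findings) for sshd_config text."""
    effective, findings, match = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            match = value  # later lines apply only to matching connections
        elif key == "include":
            findings.append(f"line {lineno}: Include {value} not followed, audit it too")
        elif key in SAFE and match is not None:
            if value.lower() not in SAFE[key]:
                findings.append(f"line {lineno}: Match {match} overrides {key}={value}")
        elif key in SAFE:
            effective.setdefault(key, value.lower())  # first value obtained wins
    for key, default in DEFAULTS.items():
        value = effective.setdefault(key, default)
        if value not in SAFE[key]:
            findings.append(f"global {key}={value}")
    return effective, findings

# Constructed sample config, not taken from a real host.
SAMPLE = """\
# constructed sample
PermitRootLogin no
PasswordAuthentication no
passwordauthentication yes
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for finding in audit_sshd_config(SAMPLE)[1]:
        print(finding)
```

On a live host, `sshd -T` prints the effective configuration after `Include` files are resolved, which this text-only check does not do.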