MrDrone 11 hours ago
Not that it matters much, but this summary isn't right. The contract wasn't "exploited." The company's AWS account was compromised, giving the attacker access to a (off-chain) private key. The contract relied on the key to mint new tokens. The hacker gained access to the key (through AWS) and with it minted as much as they'd like. It is certainly a valid take that a contract that only required the private key to mint an unlimited amount of the token isn't a good one, but you don't exploit someone's front door lock by grabbing the key from under the welcome mat.