Couldn't the "hacker" have simply generated a new GPG key and added it to the account he had control of?
Couldn't the "hacker" have simply generated a new GPG key and added it to the account he had control of?