<p>It certainly wasn't a "hack" in the traditional sense. All it happened to be was a web application that had extremely poor security features.</p>
<p>It was as simple as clicking View->Source, finding your student number, and adding your number and a word to the URL, and bam, you have your decision in front of you.</p>
<p>The "hacker" probably didn't even do any breaking in at all. He could have found someone who was already accepted and had the structure of the link of the decision page (maybe there was a school that already posted their decisions using that software), asked them what their URL looked like, and then used that to easily figure out how to see his own information.</p>