the Teso crew has released an exploit for sshd (i believe it's been already published on packetstorm) that works for OpenSSH < 3.0.2p1. So if you were running something like 2.5.* you were toasted

also don't rely on logs read after you were hacked, unless you're using one of the "nazi" logging features (logging on another machine or on a fanfold printer) because the first thing a hacker does when s/he gets into a box is erase the logs...

if you say the person had an account on the machine things get more complicated ...you also have to take into consideration things like suid/gid programs and file permissions.
go through everything again and think about what could've happened!