It allowed someone to sign up on an instance that was set to only allow sign-ups from specific email-addresses. It did not give access to any existing accounts or communications.
as a sidenote, the Ars Technica article about this has some factual errors, the matrix.org tweet linked refers to a different incident, which was unrelated to Matrix/Synapse
Small server part of the pixie.town infrastructure. Registration is approval-based, and will probably only accept people I know elsewhere or with good motivation.