*sigh* Hackers.
I’ll expand this later, when I have some time, but I wanted to put up a quick post to let everyone know that I’m looking into what exactly happened last night, and as best as I can tell so far, the hack was on the administrative end of the website host, not the wordpress framework. Short version: I do not believe your usernames/passwords/personal info was compromised. However, to be safe, I encourage you to change your passwords for this site, as well as for any others that use the same login or email address.
In instances like this the hacker usually just drops his “signature” on the hosting server, and doesn’t do anything tremendously destructive to the websites themselves. It’s more of a “look what I did” thing then any sort of directed attack.
I checked the hacker’s twitter account (of course he has one), and he basically has a list of 100s of sites he has exploited in the same way. Judging by the speed he does the hacking, he probably found a weakness in the hosting company’s server and hacked multiple websites in batches.
The music was a nice touch.
Likely a script kiddie, I suspect. It’d be curious how many of said websites are actually WordPress sites running a particular theme or plug-in.