in reply to
Pssst! I know your secret password, click here to change it.
I'm spitballing here, but I think they somehow injected code (cross site scripting?), and gained db server password, then remotely logged into the DB.
Man this sucks :(
Results (347 votes),