Long story short.. if you have PHP enabled in posts, or in some CMSs it can even be done by entering an extended URL of the domain with certain characters in the URL.. it basically "tricks" the code in front of the database... say the PHP.. to enter information into the database that the "cracker" wants to change in the database.. it pretty much takes advantage of bugs and exploits in code to allow the "cracker" to do things that shouldn't normally be done.
As for backing up... yes.. backing up nightly is probably a good idea.. if you can, run it as a cron job to back up a database.. or find a way to do it on a routine schedule. Also, it depends on how often you change your site or add posts.
there are plugins for one step backups for the database which can be used...
Keep in mind though that this is NOT the only reason you should back up a database like this. With all of the vast majority of plugins, themes and such available to change the standard WordPress installation.. there are MANY compatibility issues between plugins, themes, and even versions of WP and different plugins and themes. Files and hard drives corrupt too.
Any reason is a good reason to back up. It hurts hard to lose a whole site.. or even a few posts from one from data loss no matter the reason.
If the site is a livelihood and critical, minutes and hours can cost. Even if it is not critical... think how much time you have spent on your site.. now multiply that times at least $30 or $40 an hour.. or the idea of losing such as memories which can't be replaced.
Backup... period.
And, it's a good idea to back up before you make any changes, whether it's code changes, upgrades, new posts, new themes, new plugins, or any changes.
uggg I need to learn to quit rambling!
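The URL trick described at the top of this post, shown as an added example that is not part of the original post and is not WordPress code: Python's built-in `sqlite3` stands in for PHP and MySQL, and the `posts` table, the `p` parameter and the example.test URLs are all constructed for illustration. It puts a handler that pastes the URL value into the SQL text beside one that validates it and binds it as a parameter.

```python
import sqlite3
from urllib.parse import urlparse, parse_qs

# Constructed sample URLs: a normal request and one with extra characters in "p".
NORMAL_URL = "http://example.test/?p=2"
CRAFTED_URL = "http://example.test/?p=1%20OR%201=1"

def make_db():
    """Build a throwaway in-memory database with three constructed posts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, views INTEGER)")
    db.executemany("INSERT INTO posts VALUES (?, ?, 0)",
                   [(1, "Hello"), (2, "About"), (3, "Contact")])
    return db

def post_id_from_url(url):
    """Return the raw, URL-decoded value of the 'p' query parameter."""
    return parse_qs(urlparse(url).query)["p"][0]

def count_view_vulnerable(db, url):
    """Weak version: the URL value becomes part of the SQL statement itself."""
    post_id = post_id_from_url(url)
    # With the crafted URL this reads "... WHERE id = 1 OR 1=1", which is every row.
    cur = db.execute("UPDATE posts SET views = views + 1 WHERE id = " + post_id)
    return cur.rowcount  # number of rows the request changed

def count_view_safe(db, url):
    """Hardened version: validate the type, then bind the value as a parameter."""
    try:
        post_id = int(post_id_from_url(url))
    except ValueError:
        return 0  # not a number, so nothing is sent to the database
    # The "?" placeholder keeps the value as data; it can never alter the statement.
    cur = db.execute("UPDATE posts SET views = views + 1 WHERE id = ?", (post_id,))
    return cur.rowcount

if __name__ == "__main__":
    for name, handler in (("vulnerable", count_view_vulnerable),
                          ("safe", count_view_safe)):
        db = make_db()
        print(name, "normal:", handler(db, NORMAL_URL),
              "crafted:", handler(db, CRAFTED_URL))
```

The returned row count is also a cheap detection signal: a request meant to touch one post that changes several rows is worth logging.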