My old blog about Rio de Janeiro got hacked last night. It's based on WP 2.0.4
I woke up to an email announcing "Password Lost and Changed for user: admin"
I tried to login to see what was going on, but I couldn't. I tried to get it to send me a new password, but it didn't recognize my email address. I had to login to my mysql database to figure it out.
It turns out that someone had changed the email to firstname.lastname@example.org and had logged in and made about 6 posts announcing that croconile had hacked the blog and denouncing the pope and Israel.
What I want to know is how someone could have changed the admin's email address? Did they hack into my mysql database too?
Anyway, I managed to change the email address and get back in and back everything up, but still, how did this happen? Any ideas?