As someone who "hacks" for a living - let me put a few cards on the table:

1) We will probably never know who did this or why - it takes a lot of time (and that means money) to trace this down - we are still working the Estonia hack and have only discovered three separate cases of "guilty parties"

2) Answer to #1 doesn't really matter - what matters is how you recover. And for recovery, the most important thing is backup, backup, backup.

3) You can't really recover until you understand how you were hacked, or the bad guy can do it all over again right away. You have to close the door before you go back on line.

4) If this person was good, they might well have left other goodies behind when hacking (i.e. backdoors, agents to call out past security, keyloggers, etc.) The only path is a complete reinstall, from OS up, including all patches. If you have a known clean backup, then you can use that, but you still have to deal with #3.

Lastly - I am assuming that the recovery is including a complete site update. This may be necessary because of item #3, or this may simply be the best time. Either way - it takes time and money to get this stuff done, so our best action is to thank CK for updates, thank CK and others for making this solution work and remember:

Be careful out there in everything you do. Not paranoid, just careful. Criminals exist - we saw what they did to aspd - don't let a criminal take advantage of you.