Can't have been the BOFH whodunnit it then
So, if you rent a dedicated server from Fasthosts, there's a lovely shiny button on your control panel to "rebuild server OS"...!
In the absence of widescale data wrecking and no large reports of people suddenly having had their servers reformatted, maybe we can safely assume the target was credit card data?
In the words of the PFY - "But my password - it doesn't explain my password!"
Think its been said before, but they havent even taken the hint on secure logins. Go to http://www.fasthosts.co.uk/ and click customer login. You're redirected to a non-secure page. You can MANUALLY stick https in your address bar, but if you dont, your user/pass is sent plain-text across the net anyway. But then, AFTER logging in, you're redirected to a HTTPS page!
Further noted is the complete absence of any strong password checking mechanism when changing passwords. Only stipulation is that is has to be 6 characters. Hmm, <clickety...> ahah "123456".