If this happened on a shared hosting environment, there isn't much you could have done to prevent this i guess. If somebody gets access to the server where your site is located, the only thing he/she needs to see is your _config.php file to get access to the DB. I guess this "Attack" wasn't targeted specifically at your Site, was it?
We've moved the forum!
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.