This was a few years back when I was very new and we had recently migrated from 6 to 7, so memory is a little thin. However, we noticed some questionable links on our Drupal content, and found that our admin account was hacked.
While browsing or editing the site, we discovered links to various advertisements inserted into our webpages (links to "buy pills" and "click here for discount...", etc.) After looking through possible security breaks in some of our themeing modules we traced it back to edits by the admin user account.
So we implemented a system wide password reset, locked down our account creation and login processes to https only, and never saw issues after that.
Recovery was easy as we deleted the ads from our content (the consultant used a search scanner module to find all edits).
This is a pretty simple situation of making sure your login process is secure and passwords aren't default or easily hackable, so I'd rather not discuss it on skype.
Cheers,
Amanda