Thanks for the links, will check them out.
I emailed eleven2, and received this reply:
There was a security vulnerability released earlier this week and we were in the process of updating all servers. However, in this process one of our servers was exploited. We have patched the vulnerability on all servers and this is impossible for this to happen again. This secuity issue is definitely quite serious, but it certainly could have been worse given that only an index file was deleted. Sorry for the inconvenience and thank you for your cooperation.