Hi, I'm new around here but this subject has been my bread and butter for over a decade so I thought I'd throw this out there if it can help anyone.
This is most likely the result of what's called a SQL Injection attack. Badbonds.com is built upon a PHP-based system called SocialEngine and there are articles about this vulnerability.
Essentially what happens is that the hacker finds either a form field (à la a text box like username, password, subject, etc.) and types malicious commands in it, or they discover a page that accepts a query string (the stuff that shows up after a "?" in the URL, like on this page that I'm using now: posting.php?mode=reply&f=13&t=10341) and they replace the expected commands after the ? with malicious ones.
If this has happened it's possible that any of your non-encrypted data in the database could have been compromised.
When building any web based solution it's prudent to do a few things, more so when it can be assumed that there are people who will actively want to shut you down.
1. When you talk to your contractor / consultant / agency, make sure that when they write you a Statement of Work they also include a section for security. Other than documentation it's one of the most overlooked parts of any development project contract. Clients usually assume that the product they are paying for will be secure, but if it's not in the contract there will be a Project Manager out there who will tell their development team that security measures are "Out of Scope". It's not dissimilar to asking a dealer if the car has air bags / ABS etc. before you drive off the lot. One of the phrases to include is "All pages and form fields will be made secure against SQL Injection Attacks". Depending on your project it is also a good idea to specify what private data should be encrypted, such as usernames and passwords. This ensures that even if the data is compromised, it's unlikely that the perpetrator can do anything useful with the data collected.
1.a Logging. Not all systems are set up to record every activity that occurs within the system. If security has been breached there are ways to recover, review, and respond, but it's a good development and security practice to log things like IP address, date/time of the interaction, username, etc. If you take the time to set up basic security (username / password) it's also good to know who did what, when, and from where. If your developers tell you that's a lot of extra work, they either don't know what they're doing or they're BSing you. It's good to get back on your feet, but it's also very satisfying to know who did what when so you can follow through.
2. Backups. It is not difficult technically to have your developers make sure that the data in your website is backed up. I strongly suggest an automated nightly backup around 2am. You probably don't need an indefinite record of nightly snapshots; an ongoing record of the past 7 days should be sufficient. Your developers should also be using something called "source control". Where the database backups allow you to restore all of the data, source control ensures that you always have a secure record of the most recent, tested, and approved version of your code. If you have source control and nightly backups you can recover from even the most damaging attack within a couple of hours, if that. Again, this is important to include in the contract. If you have very sensitive / mission-critical information it's also prudent to request that data and code be backed up to a physical device, or even backed up and then stored at a secure location.
3. Maintenance plan. This is your "Plan B". It's infuriating for a client to have to call the people who built their product and hear that they don't have the resources available to help them right now: "We're really swamped right now, we might be able to look at it in a few days". Again, when you write up your contract, outline things like response time to critical, business-stoppage issues, rates, etc. Sometimes agencies will want a stipend or monthly fee; you can work that out. What you do want, however, is to be able to dial the proverbial "911" and have someone pick up who will drop what they're doing, find out what happened, fix your problem, resolve what allowed it to happen, and get you back in business ASAP.
I hope that this was helpful. I think everyone has felt burned at some time by some sort of service, be it contractors, plumbers, mechanics, etc., and development projects are no different. It's just another subject where, if you don't know what you don't know, you might not get what you expected. If you have any questions I'd be happy to see if I can help you out.
Brett
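The query-string injection Brett describes, worked through as an added example that is not part of the original post and not SocialEngine's code. It takes the `t=` parameter from a URL shaped like the one quoted above, builds a query the vulnerable way (pasting the parameter into the SQL text) and the safe way (binding it as a parameter), and runs both against a throwaway in-memory SQLite database. Python and SQLite stand in for the PHP/MySQL stack the post is about; the `posts` and `users` tables, their rows, and the two URLs are constructed for the demonstration.

```python
"""Added example: SQL injection through a URL query-string parameter.

Python/sqlite3 stands in for the PHP/MySQL stack discussed in the post.
Table names, rows and URLs below are constructed for the demonstration.
"""
import sqlite3
from urllib.parse import parse_qs, urlsplit

# A legitimate request, shaped like the one quoted in the post.
LEGIT_URL = "posting.php?mode=reply&f=13&t=10341"

# The same request with the expected post id replaced by an injected
# UNION clause that pulls every username:password pair out of `users`.
# ('+' is how a browser encodes spaces in a query string.)
ATTACK_URL = (
    "posting.php?mode=reply&f=13"
    "&t=0+UNION+SELECT+username||':'||password+FROM+users"
)


def build_db():
    """Create a throwaway in-memory database with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE posts (id INTEGER PRIMARY KEY, forum INTEGER, title TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO posts VALUES (10341, 13, 'Site was hacked, what happened?');
        INSERT INTO posts VALUES (10342, 13, 'Welcome new members');
        INSERT INTO users VALUES (1, 'admin', 'hunter2');
        """
    )
    return conn


def param_from_url(url, name):
    """Return one query-string value, e.g. '10341' for t= in LEGIT_URL."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def fetch_post_vulnerable(conn, url):
    """Vulnerable: the untrusted parameter is spliced into the SQL text,
    so whatever the visitor typed after t= becomes part of the statement."""
    t = param_from_url(url, "t")
    sql = "SELECT title FROM posts WHERE id = " + t
    return [row[0] for row in conn.execute(sql)]


def fetch_post_safe(conn, url):
    """Hardened: the parameter is bound with a placeholder, so the database
    only ever sees it as a value to compare against, never as SQL."""
    t = param_from_url(url, "t")
    sql = "SELECT title FROM posts WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (t,))]


if __name__ == "__main__":
    db = build_db()
    print("legit, vulnerable :", fetch_post_vulnerable(db, LEGIT_URL))
    print("attack, vulnerable:", fetch_post_vulnerable(db, ATTACK_URL))
    print("attack, safe      :", fetch_post_safe(db, ATTACK_URL))
```

Against the attack URL the vulnerable function hands back the `users` table contents instead of a post title, which is exactly the "non-encrypted data in the database" exposure the post warns about; the parameterized version returns nothing, because the injected text is compared as a literal value rather than executed. In PHP the equivalent fix is a prepared statement with bound parameters (PDO or mysqli) in place of string concatenation.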