Along the lines of what ScottC said, I think some app somewhere on the server was at risk. The potential irony is that this week's Security Now was all about SQL code injection vulnerabilities. Depending on how your hosting company's server is setup, it may not even be your fault. If they only have one instance of SQL running, for instance, and someone else is using a vulnerable app then it could give a malicious hacker access to the entire server...thus your page was just a victim and not even the subject of an attack.

That being said, a little more info would be helpful (not only from a diagnosis standpoint but perhaps to help others)... For instance, almost every budget or even 'business' plans, hosting companies only supply FTP and not SFTP. Since FTP is soooo hackable, that alone could be the problem. Then again, if your run any 'apps' on your page, they could have exploits.

I use Joomla to host some of my sites and I've noticed that the security is good, but not boomproof by far... Anyway, a little more info would be helpful.... and if you hear more from your hosting company, please keep up posted! I think we are all very curious as to what the problem may have been (and how to prevent it).