This is actualy fairly common, we went through it a couple months ago at the office.

Using different issues in security, people are hacking into ISP's and making global changes to all the websites they can get access to. It doesn't need your username or password, it's just going directory by directory on the server making changes. It almost always happens on weekends so it goes unnoticed until the business day on Monday.

Your host needs to stop it, so drop them a note if you haven't done so already and let them know. If you use your host to keep any personal files like passport copies or anything like that so you can access them, consider they may have been compromised, and get them off there.

It's not fun to fix, but they go from host to host doing this.