Gavin Schmidt has posted up his take on the past year. It's pretty much as one might have predicted, but this comment from Lucia, and the response to it, were interesting.
LUCIA: Gavin– My visitors always ask and I can’t answer: Was the break-in to the WordPress Admin area only? Or did they hack onto the hosted account on the server?
GAVIN: They used something to directly access the backend MySQL database (to export the password/user details to file prior to erasing them in the database) and to monitor logins to the ssh account. Neither of these things are standard WordPress functions. I conclude therefore they must have hacked both, though the actual entry point is obscure. - gavin