>>71
I see. I'm only used to simple web forum software which only has a central config file for all the crucial settings.

This means the attacker had all the relevant pieces of information to connect to the MySQL database. As it's external to the web server (and hopefully protected by firewalls and MySQL ACLs), it all depends on whether that access was writable as well, because that means you could have dropped in a small PHP dumper script that exports the whole database, for example.