was my WP mysql db hacked directly?

My WP site was hacked. The title of the site was changed to BillyJump, the email address for the site was changed, all the plug-ins were de-activated (causing the site to show only errors), a single post was altered to contain an insulting comment, and – most mysteriously – three identical Hello World posts were made for that day along with three of those comments that are part of the ‘default’ installation (all made by administration, btw).

So, my question is: was this an inside job? My feeling is that this hack represents someone manipulating the MySQL database – not someone with admin-level access. It looks to me like someone messed around with the actual database, flipping off the plug-ins, changing the title and email, and causing those ‘default’ posts and comments to be made.

Does anyone know enough about how those ‘default’ posts and comments could be made to appear to have an expert opinion on this? I certainly don’t know of any way to get the Hello World posts to appear.

(If they had admin-level access they could done a lot more – including changing the admin password. Though it may be they could have done that through MySQL, as well, and simply didn’t.)

Any help would be appreciated. I’m really trying to narrow down how this hack could have happened.