I know who it was... I deleted the post where the OP said who it was
Ahh, si. Anyway's, Negative bring's up a good point. All of your database file's must have been in one web-based control panel in which he hacked or gained access to.

email hostrocket and ask them to change your FTP-password(s).
Must be a pretty bad host if you couldn't do that manually yourself in the event of a hack though, right? I mean it could take their tech support days maybe a week or two to get to that. Heh, dunno.