The machine hosting his website is a shared Windows server, running FrontPage extensions. It's very likely that the intrusion was caused by a weak FTP password.
Security issues like these are a constant threat to any web presence, irrespective of its scale. For small websites (e.g. FTP-based on shared servers), I would always recommend sticking to the following policy:
- Never trust anyone else with passwords
- Always change your passwords (bimonthly at the very least), and keep them random
- Use a tool like Password Safe to keep track of your passwords
- Never transmit passwords via voice/email/IM -- if you have to transmit passwords to someone else, opt for one-way SMS
- Never transmit the username and password (and other credentials) together -- always transmit the password independently
From a list of 100,000 passwords for a German dating site, we learn that 123456 works 1.4% of the time and that 2.5% of all passwords begin with 1234. If you're in the mood for more reading material, check out the comprehensive Wikipedia article on weak passwords.