In Motion acknowledged the breach as :
At around 4am EST, our system administration team identified a website defacement attack affecting a large number of customers. We are still investigating, but it appears that files named index.php have been defaced.
If you have a backup of your site, you may upload your index.php files to correct this. You may need to do this for each directory. If your site uses an index.html or index.htm, you will need to upload those files, then delete the index.php."
Later Update by InMotion:
"Systems has been successful in restoring a portion of the affect sites. They are refining their repair method now and should be able to begin deploying the update to additional sites shortly. Please bear with us for another 1 hour when we feel we will have more information to share."
TiGER-M@TE is the same hacker who successfully deface Google Bangladesh website. We interviewed TiGER-M@TE, who claimed to be hacking since 2007, working alone, and only using private exploits and zero-day attacks.
The hack saw the homepage replaced by the words "Server HackeD by TIGER-M@TE" alongside the hash tag "#Bangladeshi HackeR" and the text "Greetz: aBu.HaLiL501; w7sh.Syria; Sy-Hacker; NmR.Hacker; Wa7sh Hacker; h311 c0d3". This was accompanied by an email address along with a banner reading "Underground Hackers 2007-2011".