RE: Experience a website hacking?
Back in my younger years, I owned a forum based around a virtual game, it got hacked by sql injection. Thankfully they never had cPanel access so my database was secure, the account affected wasn't master admin either, so they couldn't view the user tab in admincp, but they did mess up my theme and release it.
I also visited other forums which had the same issue, turns out it was the forum software and several plugins had a vulnerability issue, which was patched up but the so called hackers turn to methods such as ddos.