This sounds like it was either China, Russia or North Korea. They have been attacking the website I run for Big Time Youtubers which recently started. I'm not advertising it but it sounds like they found an exploit in the system big time to access personal data of each account which is quite scary. Possibilities, could be ISIS, Anonymous, or just some scriptkiddie that managed to hack into the site's database.
The best thing to do is find out the source, find out who did, if its a Chinese IP, Russian, or Korean, Ban the entire range because they will never stop until you give up, Look at the logs of which IP visited possibly 1-6 weeks back including today. Finally get a backup data unit rolling. Also close ANY remote ports that you may have open for third party... I understand the problems that it may cause but the hackers nowadays are attacking phpmyadmin, phpadmin, webadmin, ports such as 3306 which is the SQL server port and possibly any remote ports that you have open besides port 80 and 587 or 25.
It doesn't hurt to think like one, thinking preventive measures, thinking how they attack, and knowing when it will happen. My experience with hackers is 500 fold knowing how they will attack at random. Hell, I could be knocked out tomorrow and not even know about it. Plus also I forgot to mention is phishers who love making fake ass websites to get your info.
Please take these hints, these skills I know and make sure it will not happen again.....