Usually in a case like this, the hacker has redirected the domain to point at a different host. They can't get into the data on the original host server unless they also crack the password(s) there. Hijacking the domain is a little easier, although a good registrar should have tools to verify the identity of anyone attempting to make changes. If the domain hasn't been locked for some reason, though, a request from another registrar to transfer ownership is sometimes enough. I'd agree that GP's domain seems like a small target, but if the hacker has some way of scanning for unlocked domains, it may have simply been an opportunity attack rather than a deliberate assault on that particular web site.