Since there still seems to be a debate about exactly what weakness was exploited, that conclusion is unwarranted.
For that matter, a truly thorough cracker (with more time than constructiveness) might go to the trouble to identify more than one weak point, hold some in reserve, and exploit them sequentially over time - either to offer a more depressing experience to the site owner or to discredit the site's technical team [taking advantage of people willing to jump to your conclusion :) ]
If there is more than one weak point, do they even need "conclusion-jumpers" to discredit their technical team? Assuming of course that it's not more than one 0day.
Getting hacked twice in short time doesn't automatically mean incompetence. There could be literal dozens ways of entry - including all the third party javascript services they run. Also we don't even know if the attack was done using a 0day exploit.
A sign of incompetence would be if they had their whole database wiped out and they did'nt have any backup (ala codinghorror.com) or they got hacked exactly the same way 1 month from now.
Getting hacked 2 days in a row only means they couldn't find the weakness yet. 48 hours is not a long time. Twitter gets hacked more often than this.
They very well could be incompetent, but you are judging too soon.
> Getting hacked 2 days in a row only means they couldn't find the weakness yet.
Because, you know, restoring from a backup is the same as securing a site, right? And there's no way that a hacker could do worse things? Because infecting some visitors or something similar wouldn't hurt their reputation?
Sorry for the outburst, but this happens way too often.
