The Register has published the details of how the RIAA web site got hacked.
It turns out that the RIAA left the admin tools of their web server active, without any password protection. To “secure” the site they set their ROBOTS.TXT file to ask search engines not to index the admin tools directory.
The hackers looked at ROBOTS.TXT to see what the RIAA didn’t want people finding via Google, saw the /admin directory listed, went there, and found they had total back-door access to the site.
I hope the fuckwit RIAA webmaster got fired. I mean, it barely even qualifies as a hack. It’s like walking through an open door that has a big neon sign next to it saying “Please do not walk through this door”.