Backups...
"Since last night, I've had probably 40 phone calls from clients saying 'Why is my website down,'" said Daniel Voyce, a web developer for Nu Order Webs who uses Vaserv to host customer sites. "It's making me look bad."
I have no sympathy here; if you are using low-cost hosting and not backing up your customers' data, then it's your own fault.
They explicitly offer a cheaper service without backups, and if you made the conscious decision to use the cheaper service which doesn't offer backups then you are either not storing anything of importance on it, sorting out your own method of backups, or stupid.
I have a cheap VPS with a plan like that; its sole purpose is as a backup DNS server, which retrieves the data directly from the main server. The main server has regular backups; the backup DNS server is never backed up. Were I to lose that server, it would be a trivial case of copying a new set of data from the master.
"Voyce said the hackers, given the high level of server access they gained, were likely able to intercept a wealth of sensitive data stored on Vaserv's servers. Voyce said his customers are safe because all sensitive information was encrypted."
It may well have been "encrypted", but where were the keys stored and what type of encryption was used? I've seen lots of deployments where data is stored on an encrypted filesystem, but the key has already been entered into the system so that the database can access it, meaning you can still access the data from the running system; the encryption would only protect against someone stealing the physical drives. Sometimes it's even worse than that: the keys are saved on the machine so that it can access the encrypted drives at boot without user intervention required.
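
The last case in the comment above, keys saved on the machine so encrypted drives open at boot, can be audited on Linux hosts that use dm-crypt. This is an added example, not part of the original comment: it parses `/etc/crypttab` (field layout per crypttab(5)); the sample entries and paths are constructed, and `keyscript=` is a Debian-specific option.

```python
# Added example: flag /etc/crypttab entries that unlock without a typed passphrase.
# Field layout per crypttab(5): name  device  key-file  options
EPHEMERAL = {"/dev/urandom", "/dev/random"}  # random key per boot (e.g. swap), nothing stored

# Constructed sample input, not taken from any real host; all paths are hypothetical.
SAMPLE_CRYPTTAB = """\
# <name>  <device>        <key file>           <options>
cryptroot UUID=1111-aaaa  none                 luks
cryptdata /dev/sdb1       /etc/keys/data.key   luks
cryptswap /dev/sda3       /dev/urandom         swap,cipher=aes-xts-plain64
cryptbak  /dev/sdc1       -                    luks,keyscript=/usr/local/sbin/getkey
"""

def audit_crypttab(text):
    """Return (name, reason) for each volume whose key comes from the host itself."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry, nothing to evaluate
        name = fields[0]
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        # "none" or "-" means a passphrase is requested at unlock time.
        if keyfile not in ("none", "-") and keyfile not in EPHEMERAL:
            findings.append((name, "key file stored on host: " + keyfile))
        # A keyscript may still prompt a human, so this is a prompt for review.
        for opt in options:
            if opt.startswith("keyscript="):
                findings.append((name, "key supplied by script: " + opt.split("=", 1)[1]))
    return findings

if __name__ == "__main__":
    for name, reason in audit_crypttab(SAMPLE_CRYPTTAB):
        print(f"{name}: {reason}")
```

A clean result only rules out the stored-key case; a volume unlocked with a typed passphrase is still readable by anyone who gains access to the running system, which is the first case the comment describes.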