Critical: Someone has logged into my site and installed a theme

Hi,

As you can see in the screenshots, someone logged into my site at 5.41 a.m. and installed a theme called the wrc theme viewer.
Here are the full details:
/*
Theme Name: Default
Theme URI: http://wordpress.org/
Description: The default WordPress theme that graced version 1.5 to version 2.9, based on the famous Kubrick.
Version: 1.7.2
Author: Michael Heilemann
Author URI: http://binarybonsai.com/
Tags: blue, silver, white, two-columns, fixed-width, right-sidebar, fixed-width, custom-header, threaded-comments, sticky-post, rtl-language-support, translation-ready
Text Domain: kubrick

Kubrick v1.5
http://binarybonsai.com/kubrick/

This theme was designed and built by Michael Heilemann,
whose blog you will find at http://binarybonsai.com/

The CSS, XHTML and design is released under GPL:
http://www.opensource.org/licenses/gpl-license.php

*/

Now the problem is that there already was a theme called default, and it was the directory theme. This theme has completely overwritten the earlier one, and now these sites are not displayed correctly:
http://bit.ly/1BGGWcd
http://bit.ly/18CQYBy

Apparently the intruder hasn't done anything other than install this theme.

1. How's this possible? (I've only given admin credentials to people who I trust and I know they wouldn't do this)
2. How to prevent this from happening in the future?

(I have a snapshot so hopefully I can resolve this)

Highly appreciate any advice
Thanks