I don't think you did this hex.

The pattern is pretty typical. Someone finds an exploit in a piece of software or an OS and then decides to try it out somewhere that hasn't been patched.

Something similar like this happened to my friend's unix server about a year ago. Someone found a known exploit in the Apache server and decided to go to town with it.

Same case here I'm sure.