The breach evidently occurred when an individual found out where the online publishing function of the riaa.org Web site was located, and discovered that, at the time, it did not have any authentication measures, such as a password, protecting it.
This made it possible for anyone on the Internet to post content to the RIAA's press release and news sections, which after the word got out, is exactly what happened.
The RIAA subsequently introduced password protection to the online publishing area of its site.
The RIAA is well known for coming up with some fairly radical ideas about how to save the recording industry from copyright piracy perpetrated on the Internet.
In October 2001 they unsuccessfully lobbied to introduce a bill that would give copyright holders the right to hack into and disable computers involved in illegal file-sharing activities, such as rogue FTP servers. They even wanted the right to delete files from targeted systems, although they later toned down their list of demands.
They have also taken an aggressive stance against peer-to-peer (P2P) file sharing networks; it was the RIAA that put Napster out of business in 2000.
The RIAA also wants legislation allowing them to run Denial of Service attacks against P2P networks legally, a move that has angered many online groups, including the online civil liberties group, the Electronic Frontiers Foundation (EFF).
The EFF said that the proposed legislation would permit copyright owners to "...violate the law. This unprecedented power has never been granted even to law enforcement, much less to a single industry".
The RIAA's controversial stance has made them a prime target for hackers of all breeds. From script-kiddies to hardcore black-hats, everyone seems to want a piece of the RIAA.
It wasn't that hard for them to get their piece in the end though. According to a report on the Register regarding a previous defacement that occurred in August, those attackers also used the online publishing function (/admin) to alter the Web site's content.
If they had a law that allowed them to attack sites for copyright infridgement what's stopping those same sites attacking the RIAA for the same reason? There wouldn't be. This would create an environment where hackers could run wild attacking sites legally all over copyright infridgement.
It's a really stupid idea when you think about it.