Well changing everyones themes would not be a problem would it.
IF whm is screwed they going to have some problems, then its all via ssh and rebuilding it :/
Can anyone get ftp files? if you know the db info, you could use a mysql dumper..
i doubt anything is screwed, they probably just don't know how to fix it.
if the hackers were smart (which i doubt) they would have deleted all the themes including cpanel + change ssh port,and completely lock them out of the server, or delete everything!
But they weren't , i bet you they just deleted the main site, put up little hack indexes, and changed the index to cpanel (easy).
can someone check my theory about just going to phpmyadmin directly ?
thanks =)
(also even if whm is screwed, a good fixscripts, or even cpanel update (say from release to current) would fix it all, reinstalls everything