[Secrets]

This sounds like a layer 8 problem for sure. I advise you use the OSI Model to solve this issue.

Quote:

Step 1, Physical Layer. Is your computer plugged in? Yes, it must be, someone got access to it. This must not be an issue.

Step 2, Data Link Layer. Is the attacker on my local network? Yes, because they got to:

Step 3, Network Layer. Is the attacker remotely attacking us? Yes. Let's check the layers to make sure this is the problem.

Step 4, Transport Layer. Is the port open? Yes, MySQL is open to the public. This could be a problem, especially if you have no password for MySQL.

Step 5, Session Layer. Is there a session opened for the communication? Yes, because with the information provided, they attacked you.

Step 6, Presentation Layer. Any encryption, etc? What file format was the attack in? Probably plain text, and you had no password to begin with. Oops.

Step 7, Application Layer. They got to MySQL on the other side, and you probably had a service running that allowed access to your computer from Windows. Or they used Navicat to start services. Either or, this leads us to:

Step 8 (?), User or Political Layer, "I HAD NO PASSWORD, NO SECURITY, NO NOTHING AND YET I GOT HACKED WTF?! WHAT IS THIS I DONT EVEN"

I hope that was informative to you for securing your server next time.