Wednesday Sep 08

Joomla! site hacked through a security hole involving the retrieve password feature

October 04, 2009 Techie by Me

Joomla 1.5.15 hacked
Hacker: SilentAssault (so people hacked by the same group can find this page)

What happened?
I got an email saying that I had requested to reset my password (even though I hadn’t requested it).
Later that day I noticed that my site had been hacked!
My password had been changed through a trick involving Forgot password, and now someone else was in control of my site.

The index.php page had been replaced with a “Hacked By SilentAssault” page.

How to fix it
This article/video shows how to reset your admin password, even though I’m not sure the hacker used the same techniques, because my Joomla! was 1.5.15, which seems to have fixed the hole that broke his site.

Steps

Tip: To avoid these steps in the future, you can create a second account with super admin privileges as a backdoor account.
•    Go into your database through phpMyAdmin.
•    Get to the users database table.
•    Browse the data in that table.
•    Find your Super Administrator User
•    Edit those fields
•    Create a new password, enter it into http://www.md5encrypter.com/, copy the encrypted password, and paste the encrypted password into the password field.
•    That should let you log in to yoursite.com/administrator
•    For future security: Go to Site -> Users -> Super Administrator and change the username of the Super Admin away from admin to something else, to make it more difficult to hack your account by this scheme.
•    For another layer of security, you can delete or rename the components/com_user/views/reset folder as a crude way to disable the password reset feature.
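The password value for the users table can also be generated locally, so the new password is never typed into a third-party site. This is an added example, not part of the original post; it assumes Joomla 1.5's stored format of `md5(password + salt):salt`, where the plain MD5 used in the steps above is the empty-salt case, and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import string

# Characters used for the random salt (assumption: letters and digits).
SALT_ALPHABET = string.ascii_letters + string.digits


def joomla15_hash(password, salt=None):
    """Build the string to paste into the password field of the users table.

    salt=None -> generate a random 32-character salt (salted form).
    salt=""   -> plain MD5, the same value an online MD5 tool would return.
    """
    if salt is None:
        salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(32))
    digest = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
    return f"{digest}:{salt}" if salt else digest


def joomla15_verify(password, stored):
    """Check a candidate password against a stored 'hash:salt' or bare hash."""
    digest, _, salt = stored.partition(":")
    candidate = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate, digest.lower())


if __name__ == "__main__":
    import getpass

    # Prompt without echoing, then print the value for the password column.
    new_password = getpass.getpass("New Super Administrator password: ")
    print(joomla15_hash(new_password))
```

Once you can log in again, change the password from the administrator panel so Joomla! writes its own value to the table.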
Fix the page
•    FTP into your account, and navigate to the themes folder. My hacker had replaced the index.php page (and possibly the params.ini file). Re-upload those files and overwrite the hacker files.
•    I also had a new file in my images folder. I deleted everything updated in the past 24 hours.
Hope this can help someone.