If you have been hacked, please run a "last" scan on your logs to see what IP's other than your own have accessed your account? If so, post the log here. This will help determine if we were hacked because of a security compromise on Dreamhost's server or not. I asked Dreamhost security department for help in figuring this out but was told they have well over a million accounts and manage thousands of servers and as such the system administrators may not be able to readily answer this.
Following are instructions on running a "last" scan to see what IP address have logged in using your FTP account:
1) In the dreamhost panel, click on "manage user" and edit your ftp account changing it to a "shell account".
2) download a shell program such as "PuTTy" which can be downloaded for free at: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
3) Login via PuTTY. You will put your web server for the host name. You can get this from the "Account Status" dropdown under "Your Web Server". So, it is says "XYZ" is your webserver, then under "Host Name" in PuTTY you would put "xyz.dreamhost.com". Click "Open" and it will prompt you for a user name and pass.
4) After you have logged in, type the following two lines replacing USERNAME with the username of your Shell/FTP account and hit return after each line. The first line will show who has logged in your FTP account within the last 30 days. The second line will show the previous 30 days.
last -i | grep USERNAME
last -if /var/log/wtmp.1 | grep USERNAME
If it comes back with no info and just another prompt, try taking off a letter at the end of your username and try again (ie. "USERNAME", 2nd try "USERNAM"). Keep doing this until it returns the log.