It's a DNS Poisoning attack.. They managed to change the IP addresses of the websites in the Global DNS and redirected all traffic to a free web hosting site (000webhost.com), where they published the alternate web pages, but the original sites remains un touched and all information remains safe, so you don't have to worry about credit cards or any Personally Identifiable Information (PII) that might be stored there.....