My WordPress has been hacked

Hello,

I had since long ago disabled the option “anyone can register” form my wordpress blog, hosted at blog.antoniobrandao.com.

Today I logged in, and my credentials were gone, I had to request a new password.

Then I managed to get in and this is what I discovered:

1 – Circa 750 fake users had been created

2 – All of them are called “sec-w.com” and have different e-mails

3 – My own 3 administrator user profiles have been hacked and are called “sec-w.com” for this reason I couldn’t login because my username was wrong

—-

So my questions are:

1 – How the hell did this happen and how can I avoid it ?

2 – How can I remove all this 750 fake subscribers without doing it page-by-page? It would take like 2 hours to do it by hand!