The blog was breached because it had not updated their WordPress version to the latest patch, 3.5, but was still running WordPress 3.3.2, which has known flaws such as "Cross Site scripting, File upload vulnerability, Cross-site request forgery (CSRF) etc”.
The defaced and cached version of the international financial services company's blog can be viewed on Google’s Web Cache.
The CSRF exploit is said to be available on the Internet and allows an attacker to add a new administration user. This is a possible explanation of how the "Syrian Electronic Army" managed to hack and deface the blog.
It is always advised to bloggers and anyone running WordPress to upgrade to the latest version as soon as possible as this eliminates the risk of your website or blog being susceptible to vulnerabilities and exploits.