Most likely got in via the REST API they enabled by default in 4.7.
If you're super lucky, the API may have created a revision (I've never looked at the API code), but it's a long shot.
If your just a little lucky, they won't have touched the content and only the title, so it's just fixing all your title fields.
If your not lucky, then your content is gone, but you may have some older revisions in-tact containing most of the content you did have
If your unlucky, then your content is gone and you have no revisions, restore from a backup.
If your unlucky and very silly, as above applies but you forgot to set up some sort of backup system didn't you? Pretty much start from scratch.
If you do get it fixed, update your wordpress and plugins (and keep them updated), it won't save you from zero-day exploits, but it reduces the risk considerably.
If you want me too take a look for you, drop me a PM (I will need your hosting and database login details too look into it, so if you're not comfortable sharing sensitive information with a complete stranger, don't PM me, there's nothing I can do without them)
