OK, I have found more info on the logs. Apparently someone has run a script that spidered the whole site trying to delete the content of each page. This didin't work because of ACL, but then they came via a link to a another instance which is "open" to editing, and there it worked to delete the content...
I don't know why anybody would bother to spend time writing sucha script, because it is clear that even if I hadn't had a backup that I could just roll back to, I could always mass-revert the latest change as well... well, maybe it was a test drive for a more advanced attack.
In any case, I got the IP of the script, and I have already informed their hoster (a large German hosting company with actually a good reputation) of the incident. Most likely, one of their clients has been hacked to run the attack via their server (nobody would be stupid enough to run this on their own server, I guess).
Just in this second a mail confirming that they classify this as "abuse" came in, BTW...