It should be a serious red flag that your VPS host is generating root passwords simple enough to get quickly hacked.

Although disabling the root user is a good part of security, leaving it enabled should not alone cause you to get compromised. If it did, you were either running a very old version of OpenSSH with a known flaw, or, your chosen root password was very simple.