It took me several tries to log in and I can't change my password directly because the old one is not accepted even though I'm logged in; I'm reluctant now to mess around before airing out a bit
One thing I have observed a lot lately is that the bigger the target, and the more financially rewarding the target, the more likely it is to...be a target. Any forum related to any form of financial exchange is going to be under constant fire. Somebody found the soft spot. Shit happened. No amount of howling and whining is going to help. I doubt that changing the forum software will help -- just Google "VBulletin hacked", or any other flavor of forum. PHPBB? Lordy!
The only way I know to prevent hacks is keeping software updated, and constant vigilance. Sometimes nothing helps.
SMF 2.0 Final was released some time ago. If I were running a forum (and I am, though a very small and quiet one), I would have upgraded it by now. I suppose there is some reason that hasn't been done. At any rate, that is only one of many variables in the security equation. I notice that others are blaming the host. I can't say where the problem lies, I don't know more than 0.1% of the specific details. I just walked in on this. I am merely observing.
Having made my observations, I will now see if I can get my pwd changed one way or another. It isn't used for anything else, anyway.
ETA: Successfully changed through password reset.