I can tell you exactly how they got in. It's an exploit through group.php which gives you the admin's hash and salt, then they crack it, which gives them the admin's password, which gives them admin access, with which they can troll through the admincp, which means he could have gotten anything in the admincp. The way to prevent this is either deleting group.php or upgrading to the latest vBulletin version.