I'm sure that's the question on everyone's mind...
I have explained this in the announcement located here: http://www.virtualteen.org/forums/an....php?f=10&a=17
To be a little more specific, the hacker(s) gained access to the forums by using an exploit for 3.5.4. Like I also said before, the exploit allowed him/her to get everyone's passwords. With that, he/she was able to get to VirtualTeen's FTP either from reading private messages/passwords or simply deciding to brute force the server. After the first attack (which the attacker replaced the default theme's images with sick pictures), the index was renamed. I'm not quite sure if the hacker did this for malicious purposes or if one of the other admins did it to try to protect the site. After that, something went wrong with our SQL database.
It's taken a lot of work, but now we are running on more secure, newer software and we have most of our data back. I have also increased our security by a large margin by setting up a double-protection on certain files.
Please note, there is still a lot to be done. The styles we have were made for vBulletin 3.5.4, not for vBulletin 3.6.0. I have had to revert all the templates in each style back to meet the required standard of 3.6.0. I must edit these again, in a new fashion, so the styles will properly work with 3.6.0. Until I get everything straightened out, I strongly recommend using the actual "Default Style." You can still use other styles, but they might look weird and might not work completely the way they're meant to.
Though the latest backup of the SQK database we had was from July. The result of this attack is that we have lost about a month's worth of data including: threads, posts, polls, poll votes, ratings, forums, members, private messages, and reputation.
If you have anything to say about this, say it here - do not fill up the HQ, TCS, or TWPR with threads about this attack.