Users(especially admins) changing passwords regularly is standard 'best practices' to thwart unknown breaches(which I'm sure the admins here are aware of since password changes for everyone regularly is standard practice), data breaches in message boards are inevitable; not just in vBulletin. There is no cause for alarm, it's better to know about a breach to be on the lookout for future ones than to assume there has never been a breach with a false sense of security.