One of their staff members was compromised, he probably used the same password on Mybb.com as he did elsewhere.
I always make a point to use a unique and different password for every site. That way if one of my accounts on any given forum or website is compromised, it'll end there. That password is useless for anything else.