Yes it was hacked. Server files had to be reverted to a backup for a site issue, but unfortunately we went back to a backup that had the install directory as well. Hackers used a known flaw in VB to gain access to the admincp and set up a simple meta refresh for the default skin, which is why logged in members didn't see the redirect. Just another traffic stealing hack, by a script kiddie using a known flaw because of a little carelessness on our part. Apologies.
Don't worry about your passwords or personal data being hacked, because logs show they didn't access anything but the templates to get the redirect. Besides, all data is stored encrypted in vBulletin, so even I cannot read your passwords, though I can change them to something else. Theoretically, I could try and bruteforce your password using the encrypted hash that's stored in the database, but it would take about 10 years computing time per user, so certainly not worth the effort
vBulletin is secure and no worries. However, it does leave us with an egg in the face for overlooking something as simple as the install folder
For those interested in the vulnerability:
Potential vBulletin Exploit (vBulletin 4.1+, vBulletin 5+) - vBulletin Community Forum
*thehackernews.com/2013/09/major-vbulletin-based-websites-are.html
Update: Avatars set after the end of August may need to be set again, apologies