Is the MySQL database already restored from backup at this moment?
In this case it is a hack of the MySQL database holding the user IDs, which contain the name (nickname), the email, the password, and the IP.
The password is encoded in SHA-1.
It is not interesting for the hacker to decipher the password (SHA-1) because it has been reset by the administrator.
Concerning IPs, many are dynamic, so they are changed by the ISP periodically.
The only thing of interest is the e-mails, which on a forum are often only pseudonyms.
In the case of a database hack, you have to search the connection logs on the server to deduce the source. I think Comodo is taking care of finding the flaw; it takes time.
There is no point in rushing a restoration until safety is restored.
The PHP language, like all programming languages, has security updates that must be applied in relation to SMF, which has also undergone updates.
The PHP <=> MySQL relationship needs to be upgraded on both sides to avoid hacking.
Only administrators have the rights to access the configuration - repair - upgrade - backup of an SMF forum.