My argument is based on the fact an email address was changed without letting the owner confirm it, it can be referred to as unauthorized change of ownership. In this case, everyone's account is at risk, including the admins.
This has never been in place, and by registering on the forum you don't even have to verify the email. If you had a problem with the security of the forum you could've brought it up. Many have, though. The new forum software will likely have some sort of 2fa authentication so there's that. However, no one really knows when that's going to drop.
That being said. Have you got a signed address? If you have you can start the recovery process, and in the mean time get DefaultTrust to tag it so it's basically useless to whoever hacked it.