Likely they haven't hacked your forum password, but have likely set the "recover password" option of your email address to be theirs, so they can recover the password at any time.
Another answer would be that they have a keylogger on your computer, which would log all actions you type; so all they'd have to do would be go through their log and search for your username and whammo, your password...
The keylogger could be the answer, assuming you downloaded something at one point in time; it's kind of hard to say.