Changing your password shouldn't make any difference (however I could be wrong); the majority of site takeovers are done via SQL injection vulnerabilities/data validation flaws.
phpBB RC5 hasn't been around for that long, so a takeover so quickly is unusual, but the flip side is that it hasn't been around for that long, so may have new bugs that previous release candidates didn't. There was an exploit in I believe RC4 which allowed for site takeover (that was a Turkish-based exploit too), but it could only be run by a user with Moderator status.
Your best bet would possibly be to keep extensive logs on which pages each user are accessing while you are using newly released software. That way you could find out who initiated the attack, and which page they used to do so.

I've had phpBB3 RC3, RC4 and now RC5 hijacked - smf was also hijacked this time.
Sites are only mentioned in a private forum on my sanctuary site and only people who've joined are people I know.
I was assuming (guessing) some form of cgi access but I seem to be the only one who's had this problem.
Fortunately I'm only using my PlusNet space to learn more about forums - I've got a friend who does clever bits for me on my other site.