This might not be so much of a hack as maybe a database deal, but I thought I would start here with you all.

Our board was hacked through that memberlist.php security hole. I am upgrading to 2.2.6 now to combat that, but I am concerned about user information integrity.

Is there any way of setting up where the users will be forced to change their passwords once I finish the final hacks on 2.2.6 and am ready to go on line?

You can first email them to change their password at X date and then run a SQL command to rewrite all existing passwords of the users in the db (dont rewrite your own too!) ;)

So when members come to your site, they wont be able to login anymore and they are forced to use lost-password tool to change their password automatically.

Thanks, I will give that a try!

:)