As Boone told you already, there are no known security issues with BuddyPress.
Can we figure this out? There must be a method for third parties to gain access to private groups, as it has occurred on my site.
I running the latest versions of WP and BP.
I use a modified version of ElegantTheme eStore.
I use WP eMember to protect content.
I don’t believe any other plugins could conceivably conflict with this issue.
I believe the person was using a program to access the content, as I have access to a cropped screen grab of the content from them and it doesn’t look like my site.
Since your site was compromised, and you are the resident expert with your configuration, we rely on you to fill in any gaps that you can.
If you get to the point where you’ve identified a clear and repeatable security issue with WordPress, BuddyPress, bbPress, or any other plugin, let is know by checking out the following page:
http://codex.wordpress.org/FAQ_Security
Thanks, and good luck.
