MyBB Community Forums

Full Version: Payload.sh
If you already deleted the awards then don't worry, I just wanted to check the reason they used for each one.

It is possible they used OUGC Awards to help with their ultimate goal, but it is unlikely they used it to get your moderator account access details (as OUGC Awards doesn't have this flaw as far as I'm concerned).

Does your moderator have ACP access?
The reason I recall for one was "hackerrrr", others used the name of the site I linked, and some were blank.

My moderator does not have ACP access.

Any content posted under her account by the attacker basically disclosed my location (I assume based on IP as it was not accurate) and said stuff such as PWNED by Z0AD and mentioning the website linked.

I only wondered if OUGC was used because of the awards thing, just because it felt strange they gave out awards randomly, and it was a plugin I saw listed here as having an exploit on the version I was using: https://www.exploit-db.com/ (search mybb to see it).
There were also other plugins in the list that I use too which were outdated, so it could have been those too, if any were used at all.
I think it is safe to assume he used OUGC Awards to some extent, otherwise there would not be much reason to grant awards (why not PM every user instead, for example?).

Does your main account have ACP access? I still have no clue how they would have gained access to any account but I'm certain it wasn't with OUGC Awards, otherwise there would be a bunch of mess by now (many sites use this plugin).

Did they access the ACP or only the front-end?
No ACP access, since I have 2FA on my account and so even if my account had been compromised, they wouldn't have managed to gain access to the ACP.
(2021-08-05, 02:54 AM) Moonface Wrote: No ACP access, since I have 2FA on my account and so even if my account had been compromised, they wouldn't have managed to gain access to the ACP.
oops.