VestaCP's infrastructure has been compromised resulting in installation scripts being hacked to obtain root access to installed servers.
It is recommended that you
a) Immediately change ALL passwords
b) Look into an alternative to VestaCP due to their continued security vulnerabilities. Note: Changing passwords alone may not be enough if you have been compromised..