Sup all,

So unfortunately a malicious user managed to exploit some security vulnerabilities in vbulletin and could potentially have accessed the database. All passwords are salted and hashed so they don't have your actual passwords, but as per standard security practices I am forcing a site-wide password reset.

The malicious user did not access the server itself. The damage therefore was thankfully limited to just within vbulletin-related areas.

That said, I also used this opportunity to do a completely fresh re-install of vbulletin meaning we're now also on the latest version again.

Apologies for the inconvenience, everyone.