I've updated the announcement, it should be visible to users.
This forum was compromised around the beginning of Sept 2013
There has been a security breach on this forum. We take information security and user privacy very seriously, and apologise for the breach and any inconvenience.
The vulnerability that allowed the breach has been removed. The forum and web site have been rolled back to a point before the vulnerability was exploited. This will result in the loss of posts and discussion, including any CMS articles that were created and uploaded between 30 August and 12 Sept 2013.
Please note:
We believe that attackers were able to access all user email addresses and hashed passwords on the Forums. While the passwords were not stored in plain text, users should assume that the hashed passwords have been compromised; therefore we ask that all users take the precaution of changing their password on this forum. If users used the same password on other services, they should immediately change that password.
The attacker had full access to the vBulletin environment as an administrator and shell access as the ‘www-data’ user on the Forums servers. Having administrator access to the vBulletin environment means they were able to read and write to any table in the Forums database. It is therefore entirely possible that they used this access to download the ‘user’ table which contained usernames, email addresses and salted and hashed (using md5) passwords for all users.
The forum is run on a server dedicated to our forum services, entirely separate to our email servers and our main web servers. We do not believe - and can find no evidence of - illegal access to our mail servers or main web site servers.
PLEASE CHANGE YOUR FORUM PASSWORD