The official phpBB website has been taken offline after it was hacked. The phpBB team are keen to emphasize that the hacker exploited an out dated installation of phpList and that there are no [known] issues with phpBB itself.
The hacker managed to access the phpBB.com’s community forums and dump a copy of the users table this has obvious issues in terms of the email addresses and passwords that were stored. Whilst phpBB3 uses an advanced password hashing algorithm users who had not logged into the phpBB forums since it was upgraded in 2007 will still have passwords stored in plain md5 which isn’t as secure. The best advice is to change your password at any location if it was the same as your phpBB password.
Every page of the phpBB website has been down since Sunday and as a result a number of the style downloads which are linked to from here will not work until the website is back online.
