phpBB.com, which hosts the popular open source forum software phpBB, has been compromised. On Dec. 14th, members of the development team discovered several web servers that power the website were compromised and immediately suspended operations. Users are not at risk as the phpBB software is not affected.
According to an ongoing investigation, initial entry was gained through a staff member’s account. The attackers obtained access to the phpBB.com and area51 databases, meaning that user information, including hashed salted passwords, was also compromised. Area51 is a phpBB development website maintained by the phpBB team.
Additionally, all logins on area51 between Dec. 12th and Dec. 15th were logged in plaintext. Despite the passwords being hashed, users are encouraged to change their passwords, especially if you use the same password on other sites.
When it comes to using a forum in WordPress, bbPress is usually the go-to plugin because of its tight integration. However, there are a few plugins that bridge the phpBB forum software with WordPress. WP-United is one such plugin and has nearly 40k downloads. Its popularity indicates several site owners connect WordPress to phpBB instead of bbPress.
The team is in the process of restoring its website. Once the servers are back online, they will provide full details, including the steps they’ve taken since the compromise.