XF 1.5 Database Breach

Senior Derp


I'm just going to dive right into this, earlier this evening we had our password database breached by a few "hackers." They've targeted multiple other websites, and the only major similarity we've had in common is that we seem to be using the same forum software. Now by no means am I trying to blame anything of this on xenForo, as I love their product, I'm just wondering what steps I should take at this point to secure my website. I have no clue how they did it, and I'd love some direction on where I should go from here.



XenForo moderator
Staff member
You need to identify the point of entry.

Was it due to a compromised account/password?
Other software on the server?
Another account on the server (if using shared hosting)?
An add-on?
Some other means?

We're not aware of any exploits in the current version of XF which would allow someone to hack their way in to obtain the DB password.