Today around 8am gmt+8 our forum was hacked by a user who was never staff.
The user managed to edit all our admin posts.
We have checked the logs and we can't seem to find out how the user who wasn't even staff managed to do this?
We did revert the posts back to the original post and it clearly states who the user was that edited it.
This is a huge security flaw and I don't think we can continue using XenForo after this as it will just happen again.