Hi,
A friend of mine managed to his small 200 user forum hacked due to reusing passwords from previous sites. I was looking at it and there was no evidence the server itself was breached, just the ACP, it was actually running on my server which is secure. ofc all users are dumped.
I just have one question - could the hacker have put any significant malicious code using the search and replace? i noticed what you can change in there is kinda limited, but is it possible they could've made modifications to plaintext logins for example via the ACP search and replace feature?