MyBB Community Forums

Hello Everyone
Accounts are getting hacked in my forum and i found how hacker got it.
The hacker was a staff of my forum before. He apparently took a database backup. He is now logging into all accounts and posting things like "This account is hacked" I closed the board. Now i need help with how to mass reset all the passwords and send it to the registered emails. Is there any way to change all of the user passwords? There are 1500+ members in my forum.
Thank you for your time in advance.

you can try using force password change plugin by changing compatibility

(2015-06-02, 05:39 AM).m. Wrote: [ -> ]you can try using force password change plugin by changing compatibility

Yeah but, the hacker can log into the account and change the password to something he like?

^ a user can reset own password & password reset is done through email confirmation

Isn't this already available without a plugin? My forum has a password recovery option on the login page. I haven't tested it though. However I have had this issue once. Not sure how they did it but it wasn't fun.

(2015-06-02, 04:57 AM)ArtMachine Wrote: [ -> ]Hello Everyone
Accounts are getting hacked in my forum and i found how hacker got it.
The hacker was a staff of my forum before. He apparently took a database backup. He is now logging into all accounts and posting things like "This account is hacked" I closed the board. Now i need help with how to mass reset all the passwords and send it to the registered emails. Is there any way to change all of the user passwords? There are 1500+ members in my forum.
Thank you for your time in advance.

This is why you never allow anyone to have the permission, can manage database backups. Now on to the technical side of how to defeat it.

You are able to log a user out with just the database. This makes it so the loginkey will change the next time the user logs in. Execute this SQL Query:

UPDATE mybb_users SET loginkey='';