"The nightly full backups that were downloaded expose all public forum posts, all team forum posts, all messages sent through the user-to-user messaging system, and user data including forum username, email address used for notifications, and an encrypted (hashed and salted) password generated by the MyBB (v1.8.27) software. At the current time, we have found no evidence of unauthorised access to the underlying server that hosts the MyBB software.

Although MyBB stores passwords in an encrypted format we must assume all passwords are compromised."