I've been contacted by a member that there was a norton lifelock alert for community.hwbot.org (not hwbot.org main site) this summer. If real (and I don't see why there would be false positives?), it means there was a vulnerability of Invision PowerBoard that got exploited. It's running an up-to-date version but it's not as if I check daily for new updates to install.
Community forums run on a separate server and a separate database. The server itself is only accessible using a private key, not with a username/password. I don't see any suspicious activity/traces on the community server, which is running a linux OS with 0 pending security patches. The database is not accessible from the outside world, only from within our Amazon VPC. We do take security seriously.
If invisionpb got hacked before they were able to send out a patch to customers, it sucks but little we could have done about it. We must assume that everyone using a community account should change their password ASAP. I'll make a news announcement.
If anyone can find more info about the community.hwbot.org data leak that'd be great. I have not found anything about this anywhere.