As a precaution we would recommend that you change your Hardy Tropicals passwords and change them anywhere else you have used the same email, username and password combinations.
At this point in time it appears the entry point was the new Wordpress based website rather than the forum itself.
We have added additional measures and monitoring to prevent a repeat of this occurring and will monitor the site for any other unusual activity.
Please accept our apologies for any inconvenience
We are attempting to send out an email to all registered users but due to the number of accounts this is timing. If you have not receieved anything we are still trying.
*UPDATE* Passwords were encrypted with the PHPBB V3.2 standard encryption and were not stored in plain text
phpBB is using the bcrypt hashing algorithm with a default cost factor of 10 since the the release of phpBB 3.1.