several weeks ago there was a security weakness exploited within IP BOARDS this forum software. there was some defacing done but no evidence was found at the time of compromise to the DB. Not saying it didn't happen but that i didn't find evidence of it.
If they had access to your web server's file system, they could read surely read your database. Now, you have evidence of it with this thread. It happened. It would be responsible of you to force a password change for everyone, and email all your users and advise them of the breach in case they used the same password somewhere else. Fortunately I use unique passwords for everything too, so this doesn't affect me.
Given that that was weeks ago and you 2 are the only reports of emails getting similar spam.
How many of us do you think used unique email addresses to sign up for your forum? Most people wouldn't know how a spammer obtained their address.
i suspect it is something else you both have in common. some spyware or cookie based exploit.
I haven't used my AutoHotkey email since 2012 when I signed up for this forum. It's long since been deleted from my email trash. Literally the only record of it anywhere is on your servers - and with my email provider, but jonta and I use different email providers, so there's no commonality there.
Would you guys at least try checking?
I'm not sure there's much to check, unless they log all database queries and still have the log. The evidence is pretty clear that the emails were exposed during the hack. The question is whether the admins will do the right thing before too many of the passwords the hacker obtained are brute forced and used.