Re: Hundreds of thousand of bitcointalk accounts hacked
Board: Meta
by rizzlarolla on 20/03/2017, 19:09:33 UTC
Quote
It's possible that someone got their hands on the old hacked database from May 2015 and decided to actually attempt to get into accounts with info that they gathered from that database.

This.

Quote
A lot of the 2010-2012 accounts do seem to be compromised. In 2012 the site was changed to use a much stronger hashing method for passwords. In 2015 the site was hacked and the database (with password hashes) was leaked. It would make sense that the hashes from early accounts are easily brute-forceable.
At this point I would assume that the 2013+ accounts are unrelated though and probably hacked due to re-using passwords on other sites.

I estimate around 30%, or 30,000 early accounts, under u=100,000, are hacked.
You know the forum was hacked in 2015, yet assume 2013+ accounts are not related? I don't understand this. Anyway, whoever is responsible for hacking multiple thousands of accounts is not as important as whether admin are taking any action against the hacker/s.

Quote
Overall, I do assume most of those old accounts are newbie accounts (most even by spambots) where the owner didn't log in after 2012 (as that would update the password hash). Basically the potential damage is very limited. He might be able to sell those accounts though. I don't think admins can do too much against it. But if there is a very clear pattern (like all account logins from the same IP), obvious accounts could just be frozen IMO.

Most accounts on the forum are newbie. Most accounts have never been used. So by law of averages, the hacker will hack a fairly equal % of those.
Many accounts after 2012 are also hacked. Lauda's list below is of 2013 and 2014 accounts. Lauda's previous list was longer and more diverse.

I have already provided an example of brand new hacked accounts (old accounts, but never posted) being used to farm reputation/trust, and previously used accounts trying to get into paid campaigns.

How can 100,000 accounts be hacked, Mods can't do anything, admin don't respond, and you say "potential damage is very limited - he could sell those accounts"?
There is a clear pattern, which could be automated, not freezing 1 account at a time. No hacker will just use the same IP.
I have explained what can be done. If admin (or yourself) don't understand, they could ask for more details.

------------

All 3 accounts "reactivate" March 18, 2017. All with previous post history ending a year or 2 years ago - "dormant".
All 3 accounts post in time rota, making 94 shitposts between them, minutes apart, spread over 4 post sessions on March 18.

Quote
It is absolutely disgusting that nothing is seriously being done against this.

I've tried to give admin time to respond here, even that is too much bother for them?

All that needs doing NOW is as I explained to hilarious: "Without going into every detail, I can assure you that simply saving snapshots of user base activity would create evidence that could be referred to any time in the future."

That would take minutes of work for admin, and would preserve all the needed evidence for any future action. To fail to do this is to allow the hacker to slowly cover his tracks, to allow all easy to use evidence to disappear. For admin not to do that simple task would be negligent, even complicit?
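The two concrete things the post asks for, detecting the "dormant account reactivates and posts in a burst" pattern and preserving a snapshot of user activity as evidence, can both be sketched in a few dozen lines. The following is an added illustration written for this thread, not bitcointalk's code or anything the forum admins run; the activity records are constructed, and the thresholds (365 days of silence, 10 or more posts within an hour) are assumptions that a moderator would tune. Flagged accounts are returned for review rather than acted on automatically.

```python
"""Added example: flag dormant forum accounts that resume posting in a burst,
and produce a hash-pinned snapshot of per-account activity for later reference.
Not bitcointalk's code; all records below are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta
import hashlib
import json

TS_FMT = "%Y-%m-%d %H:%M"

# Constructed post log: (user_id, UTC timestamp). Real data would be the post table.
SAMPLE_POSTS = [
    # Account 101: ordinary steady poster, must not be flagged
    (101, "2017-03-10 12:00"), (101, "2017-03-14 09:30"), (101, "2017-03-18 10:00"),
    # Accounts 202, 303, 404: last post in 2015/2016, then silent until 2017-03-18
    (202, "2015-06-01 08:00"),
    (303, "2016-02-11 19:45"),
    (404, "2015-11-30 23:10"),
]
# Constructed burst: the three dormant accounts each make 12 posts, minutes apart,
# interleaved in rota, all on the afternoon of 2017-03-18.
_burst_start = datetime(2017, 3, 18, 14, 0)
for _i in range(12):
    for _uid in (202, 303, 404):
        SAMPLE_POSTS.append((_uid, (_burst_start + timedelta(minutes=5 * _i)).strftime(TS_FMT)))


def _group_by_user(posts):
    """Map user_id -> sorted list of datetime objects."""
    by_user = defaultdict(list)
    for uid, ts in posts:
        by_user[uid].append(datetime.strptime(ts, TS_FMT))
    for times in by_user.values():
        times.sort()
    return by_user


def find_reactivated_bursts(posts, dormant_days=365, window_minutes=60, min_posts=10):
    """Return {user_id: (gap_days, burst_size, resumed_at)} for accounts that were
    silent for at least dormant_days and then made min_posts or more posts inside
    some window_minutes-long window after resuming. Thresholds are assumptions."""
    window = timedelta(minutes=window_minutes)
    flagged = {}
    for uid, times in _group_by_user(posts).items():
        for i in range(1, len(times)):
            gap = times[i] - times[i - 1]
            if gap < timedelta(days=dormant_days):
                continue
            # Posting resumed at times[i]; find the densest window from there on.
            after = times[i:]
            best = 0
            for j, start in enumerate(after):
                best = max(best, sum(1 for t in after[j:] if t - start <= window))
            if best >= min_posts:
                flagged[uid] = (gap.days, best, times[i].strftime(TS_FMT))
                break
    return flagged


def snapshot_activity(posts, taken_at):
    """Serialize per-account post counts and first/last timestamps into canonical
    JSON and return (json_text, sha256_hex). The digest lets a later reader verify
    the snapshot was not altered after it was taken."""
    accounts = {}
    for uid, times in _group_by_user(posts).items():
        accounts[str(uid)] = {
            "posts": len(times),
            "first": times[0].strftime(TS_FMT),
            "last": times[-1].strftime(TS_FMT),
        }
    body = json.dumps({"taken_at": taken_at, "accounts": accounts},
                      sort_keys=True, separators=(",", ":"))
    return body, hashlib.sha256(body.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for uid, (gap_days, burst, resumed) in sorted(find_reactivated_bursts(SAMPLE_POSTS).items()):
        print(f"review u={uid}: silent {gap_days} days, then {burst} posts in an hour from {resumed}")
    text, digest = snapshot_activity(SAMPLE_POSTS, "2017-03-20T19:09Z")
    print("snapshot sha256:", digest)
```

Running it flags accounts 202, 303 and 404 and leaves 101 alone; the snapshot function is the "minutes of work" step, since storing the JSON plus its digest (off the live database) is enough to show later what each account's history looked like before any cleanup.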