Someone May Have Hacked My Website, What Do I Do?

So a few weeks ago we had someone who came onto our forum and completely tried to destroy it by vandalism. Luckily, TL0 users must have posts approved, so none of them got through… Fast forward to now, and I get a mention on Instagram from some random fake account showing a screenshot of one of our anonymized users. The picture was definitely a screenshot taken from discourse, so I’m not exactly sure how they were able to access that page, knowing that no staff account was hacked. (Picture below)

You can tell all your staff users to use Multi Factor Authentication and enforce it with the setting enforce second factor.

Also check Admin > Logs for suspicious activities.