Thankfully I've never been hacked, on my forums or in real life. I can imagine it's difficult to deal with hackers on a website, especially if they continue to get through every time you try and move hosts or find solutions to block them from accessing your webserver.
Back in 2006, I got my password cracked by someone. It was awful. Definitely learned to have a good password since then. Then in 2008, one of my staff members password got cracked, also doing some serious damage to the forum. Never recovered that completely.
We were kids then, and there weren't things like 2FA. It was on InvisionFree. That was a time of 2-3 years where everyone tried to crack anyone. As if that was something to be a "cool kid". Admittedly, I've done the same thing to someone back then, but never did any damage. The guy used his real last name as a password. I've let him know and he changed it.
I've never been hacked but I did work with someone who ultimately blocked me once I got the forum all setup and ready to open. We were supposed to be co-admins but he decided to kick me off the site right before the grand opening. He was the tech person and I was more of the forum setup like membergroups, posting etc. This happened over a decade ago and I still see the prick online roaming the forums. It's so disappointing and frustrating but it is what it is. I just know not to ever work with him again. Thankfully I haven't seen him on this forum so I'm pretty happy about that.
It has happened to me before but I was so lucky that the security measures was able to detect the hacking attempt and I quickly shut down the site, then later updated the plugins , change password and also implement some additional security measures to cover up the loopholes. It was indeed a stressful experience but it I was able to control the situation.
I’ve personally not been hacked. However, I’ve dealt with hacked staff members. I was an administrator on a RuneScape private server many years ago. One of my moderators got hacked and started banning everyone. I was able to quickly login and ban the moderator until an investigation was able to be held. From that point forward, we implemented certain protections that prevented abuse on mod accounts.
It's never happened to me. I did once lose my Facebook group, and I eventually got my admin privileges back. I also removed all admins afterwards, and switched my team to moderators.
I've never had any of my own admin/mod accounts compromised, but on one of my forums I did once have one of my Moderator's accounts compromised and it resulted in some pretty hefty damage, with a few hundreds threads and a couple thousand posts being deleted by the malicious party, and several users banned or limited, before the damage was able to be stopped.
Ultimately, I had to perform a rollback to around an eight hour old backup, which resulted in the loss of 500-something posts and a bit of manual work to fix things that had occurred on the site. Luckily it wasn't too onerous, and the Moderator was heavily apologetic and received advice on password security. We also implemented 2FA for staff (2FA was in its relative infancy at this point, too) at this point, which meant we never had any further issues in the future.