I think I may have found the culprit. Try putting your email address in here. [link removed temp]
Then look see what comes up - as you will see, its not here. Basically if you use the same username at another forum which has been hacked, then bots take the username & password to crawl other forums and find other associated accounts and emails.
This info is then sold on the darknet. Whilst I am sorry that the bot appears to have found you here, I'm afraid that despite spending hours and hours on this, I can find absolutely no evidence that it is a result of a database breach here and there is nothing I could have done to prevent it.
As mentioned everything on this side appears to be secure, my hosts can find no evidence of any breach and the only IP addresses used to connect to my database are those that I have used and MISP which is my hosts. The admin account had only been accessed by my IPs.
As my hosts said earlier this evening it is highly unusual for hackers just to attack a site for email and leave everything undamaged and they suggested that it may be the work of bots and not related to this specific site.
I guess that is why after some of the fairly large breaches last year people were advised to change all their passwords at other websites too.
See also
hereMost people use the same password for all sites so what happens is when one site's database is leaked, you can try using their same user/pass for any other site you might think they are on. Databases work great for targeting individuals.
All I can do is suggest you change your password for this site and any other sites that you frequent
... and on that note Im off to bed.. Ive been up since 6.45 yesterday