has anyone figured out how they were able to get into blf accounts?
there's not any current smf exploit for this version i'm aware of
the exploit was that carbon copy or whatnot and the email notification when pm system showing other user's email addresses in the actual email
people who used sites like mailinator and then signed up for the blf using the mailinator email were affected by this
zapk or whoever used the password recovery function on mailinator and got the users' passwords
at least i think this is what happened