A few days ago, my forum got compromised and the phpbb_users table with thousands of records got leaked. After invastigation, it appears all the hackers did was gaining access to an administrators' forum account and with access to this account, he created a backup via PhpBB's ACP. Everyone with basic computer knowledge is able to do this.

It seems we're not the first forum being compromised using this method. As soon as everything was restored, I have disabled the backup functionality (by adding trigger_error() to a file) so if someone ever gets access to one of our admin accounts again, he won't be able to use this anymore to get all our user details.

I actually did not even know it was possible to do this via the ACP; I always create backups via other ways. I fully understand such functionality can be very handy for some users, but for many forums, it's a big security risk. The same also applies to editing template files via the ACP (which also accepts PHP code!). If you have the technical skills to edit these files, I think you're also able to use FTP for this.

I believe it should be harder to use these functions or at least warn forum admins that these can be easily abused in case their forum account is hijacked. A few suggestions I can think of:
1) Display a warning the ACP with instructions how to manually disable it (by editing the PhpBB's code)
2) Add an option to disable it in the installation process
3) Allow the use of a second password for certain actions in the ACP

Thanks