Due to how we have our forums set up, a default Discourse configuration introduced a security vulnerability that a user was able to exploit to pass as the “Leader” trust level. The bot that processes group join requests was not compromised, and the user never had access to a Leader account on the devforum, but because they appeared as one the bot automatically moved them to the Leader role in the group. With that role they were able to delete the wall and spam the wall/shout.
This should not be an immediate issue anymore, but please refrain from mentioning specifics until we can work with Discourse to close the vulnerability entirely. Since the issue is resolved, continue on using the group as normal. Unfortunately, there is no way for us to recover the posts that were deleted. Hopefully this shouldn’t be too much of a problem since the group wall is time-sensitive.