Yes.
In 2013
https://bitcointalk.org/index.php?topic=306878.0, the hackers were presumably exploiting forum avatar upload feature to execute the hack. It was also assumed that they successfully gained access to forum database (PM, email, password hash) for a while.
It happened again in 2015
https://bitcointalk.org/index.php?topic=306878.0. This time it was worse. The hacker managed to get the full dump of Bitcointalk database. Even though user passwords are encrypted, they could still brute force it. Evidently, many hacked accounts were (and it's still going, by the way) popped up everywhere in this forum.