I see your point and just to be safe also changed my password.Simple. Look at all the different user names that were used. Not just one but many. Typical hack. Once in they have full access and then start sending all the bogus messages. If it was from one person I don’t believe they would have used multiple user names. And I doubt all of those users existed anyway.
Happens all the time on Facebook.
But if they took over the site I would expect them to start polluting threads but as "new members" they can't because the first few need to be approved by a moderator. Apparently this limitation does not apply to messages.
I hope that maybe Olaf or another site mod/admin can shed some more light on these spammers.