How exactly are the scammers hijacking accounts? It's not like the passwords are posted publicly. And convincing people via pm to share their passwords happens only to the hopelessly naive and braindead. I always thought passwords were stored in encrypted form in a secure repository of the server. Or is there some kind of backdoor access to accounts?
Maybe the 50000+ IPs theymos reported to be brute forcing the forum a few days ago got some information.
There are a few users that seem to enjoy the exploits this forum has in hacking.
AS A GENERAL NOTE: ENSURE YOU POST A STAKED ADDRESS SOMEWHERE SO THAT YOUR ACCOUNT DOESN'T GET HIJACKED (AND IF IT DOES, YOU CAN SIGN AN ADDRESS AND REGAIN ACCESS TO YOUR ACCOUNT).
If there was no staked address by OP, then they were fairly lucky that the account was recoverable (the email address and/or password remained unchanged).
Stake addresses here