Beginning the evening of July 1st, several CCCB email accounts were hacked and began sending vulgar spam. We apologize for this intrusion and any inconvenience you experience as a result.
Google has informed us that there was nothing we could do to prevent the attack. They said someone in our domain filled out a web form that gave the attackers access to their account; they targeted the rest of our domain after that. Google was a bit vague on the specifics and they have no tools to locate the source of the problem. We will continue to investigate the issue and look for solutions to increase our defenses against future attacks even if we cannot prevent every scenario.
Only about 5% of the domain was affected but that still represents a large enough number that it may take a couple of days to respond to all of those affected. Most of the accounts affected were alumni accounts that were here at a time before our enhanced password security policies. However, a select few had longer passwords that were hacked as well. Therefore, even if you were not hacked but you have password shorter than the new 14-character requirement, we advise that you change your password as soon as you can. This will reduce your risk of being a victim of this in the future.
Closing the intrusion began by disabling accounts that were sending the spam messages. Then we restored the accounts and reset their passwords per Google's instructions. These actions were completed by evening July 2nd and we believe we have this issue resolved.
Again, please accept our apologies for this.