In my case ,at the end of May, I booted fresh from a livelinux CD and used a new email address. The only thing I did different was I had to contact their help desk.
So I'm not sure how my account was compromised then.
Also my compromised account started with an A, so I assume hacker got access to polo database an went alphabetical.
Op did you previously contact the polo help desk for anything.
Also what letter did your account begin with?
My Account started with A as well (we may be on to something here)!! but not, I did not contact their help desk at all before that,
Did you see any unauthorized activity on your account?