Since SWC is radio silent with regards to the hacked accounts, I will do my best to speculate on what has happened.

SWC has no security measures currently set up to prevent a brute force attack. A hacker can proceed to just try password after password with zero repercussions. So instead of developing a more secure site, SWC has decided to make the users responsible for increasing the security of accounts by requiring everyone to change their password to one with a minimum of 12 characters.   This solution requires no software development. This solution also doesn't prevent a brute force attack. It just makes it more difficult. I think a better solution would be one of the following: 1) make it so that after X amount of failed log in attempts an account is red flagged or locked, 2) log in with your email address instead of a very public screen name.