Cases of hackers hijacking high ranking accounts and then using them to post malware are quite common this days. The hackers nolonger change the passwords or emails as they know that they will be locked out and won't be able to use your account to post their malicious links.
Yikes. I do remember LogitechMouse's case from a while back, and it does sound like that's exactly what happened here. I don't know diddly squat about hacking techniques, but that's kind of scary. I think after this post I'm going to change my password to something a lot stronger (though I couldn't tell you off the top of my head what my current one is).
The good news is that OP shouldn't have much of a problem getting his account back, since it's pretty clear he wasn't the one who posted that malicious link. Could have been a lot worse, though it sucks that it happened in the first place--and a few years ago if a hacker got ahold of your account, there wasn't much you could do about it.