I don't understand how something like this is even possible if the user's password is not compromised.
If the scammer changes the password, he gets noticed quickly. By not changing the password, the scammer can stay under the radar and impersonate the real account owner for a while. It has happened before.
That makes sense, but I'm still having trouble understanding what exactly happened here. How did the scammer get into OP's account if he didn't have his password?
I noticed that Peanutswar mentioned receiving a link for Discord community management. Is it really possible for someone to gain access to your bitcointalk account just by clicking on such a link? Sorry if this sounds like a silly question, but I'm genuinely curious to learn about the countermeasures against this type of attack.
Peanutswar, could you please provide more details? When did you first realize that your account had been compromised? Have you noticed any suspicious activity on your system? Also, could you elaborate on the links you mentioned?