I had it happen to me yesterday. Here's what's happening.

This site, along with every other BBS and thing you can imagine, has been stripped of usernames (that's easy enough for a kid to do) and then those usernames are fed into a program which tries to "brute force" password guesses, Like doreen mentioned - simple ones like "password" or "123" or username as password.

This system (our BBS here) apparently allows 5 tries on password before locking you out for 15 minutes - if you try to log in during the timeout period from the brute force attempt you'll get the message that you've tried to many time s and wait to login

5 attempts then block usually triggers the hackers script to move on to the next username that's been harvested from here. Scripts will be reused so it's possible that it could happen often although it was a first for me and I've been on here a few years.

again, doreen mentioned to use a decent password and one THAT IS NOT THE SAME ONE YOU MIGHT USE ELSE WHERE with the email you have on file here. That's the beginning of a hard time for you!

If you get hacked here, the hacker (a bot at first) can login as you and go to your Control Panel and get your email address on file, then start using this email/password combo on sites such as:

Facebook
Twitter
Common Banks
Ebay
PayPal
you name it

My method to avoid these kind of head aches is to use a unique email for each site I sign for and a set of passwords that have not related to any of my "critical" passwords I use elsewhere

This is a head ache of it's own but worth it to me.

BOTTOM LINE: If you are going to use your general email for signing up for sites, use a UNIQUE password for all sites and keep a list of those in some kind of encrypted form. KeePass works pertty good and is open source. You can check it out here...

https://keepass.info/

I use this at work.

Good Luck, Stay Smart, Stay Safe