What makes you assume it was easy?
Or was a “hack” at all...someone signing up for an account and spamming the site is not a hack. An existing FR user with a terrible password that gets exploited is also not a “hack” of the site.
I can't say for certain, but it appears a few individuals here were duped into re-entering their login credentials through a bogus URL. As someone mentioned, if you're using https logins, I'm not sure that would work as that should prompt a warning message.