Dang, I didn't know about that functionality--that's pretty neat.
It was implemented about 6 months ago here:
https://bitcointalk.org/index.php?topic=5150936.msg51367307#msg51367307Usually when accounts get hacked, the hacker changes the password and the owner can kiss their account goodbye.
If you read the whole thread that the post I linked to above is from, you can see this pattern of activity where the hacker breaks in to an account but does not change the password. This happened to the "kenzawak" account, and allowed the scammer to send out PMs to victims and scam users via Telegram without raising any suspicion or the account being locked or red flagged.
OP, I'd also check your inbox/outbox to see if any PMs were sent without your knowledge, although an attacker may already have deleted any evidence of this.