Hi. I got word an hour or two ago that the site was sending out phishing emails to OGA user accounts. If you have recently received a sketchy, poorly-spelled email that starts with "Your Acount is disabled for the purposes of security", you can safely assume that your account was not, in fact, disabled for the purposes of security, and under no circumstances should you provide anyone with any of your passwords, particularly information pertaining to your "Peypal" account, as the email calls it.
I have currently disabled the mail server on OGA until I can assess the extent of the hack. Since they managed to get a complete list of account emails, it's safe to assume that they also grabbed (hashed) passwords, so you should consider your OGA password compromised and change it wherever you're using it, particularly if you're using it with the email address that you used to sign up to OGA. Until I've determined the source of the intrusion, it's probably best to hold off on changing your OGA password.
I'll post another blog entry as soon as I know more.
Update: As of 12 hours later, the malware scan I'm running on the server is about half done. I'll post an update when it's finished.