My own take on this:
1. Any notion of it being a case of accidentally staying logged-in whilst on a public PC and someone thereafter abusing the account is highly unlikely. Whilst the 'staying logged-in' part is feasible, the chance of a member of the public sitting at a PC and knowing how to create games on Conquer Club and knowing how to come and look at the C&A forum thread to see the results of his/her handiwork is highly improbable.
2. Giving out a password to non-clan members who themselves have sitters - unknown to you - with access to their account (and mailbox) is simply courting disaster. Commander is a smart chap and an extremely nice guy, but sending out that PM was incredibly naive and risky. I would go mental if anyone in TOFU ever gave his password to a third party.
3. To the best of my knowledge THOTA have their own off-site forum where anything of a confidential nature is discussed, so it's unlikely anyone with access to the THOTA forum on this server would find anything such as passwords or penis length.
4. The time of the abuse (just after 9am) is indicative of someone who may be at a work PC, though perhaps not at his own workstation.
5. When I posted on Hannibal 19
's wall "You must be really proud to win all those games against an absent player" (since deleted by him) I got the reply "Why not, free points". That's really bad form and surely warrants some action.
6. Taking Master Chief's statement that his p/w is only in his and his father's hands we can rule out anyone accessing his account and obtaining Comm's p/w. With the other two guys I wonder if they remember when they logged into their own accounts whether Comm's PM was being read by them for the first time (i.e. Inbox still showed mail waiting)? And do either of them have any sitters that they've needed to cover for them since Comm's PM was sent?
Hopefully there are IP records that can determine the source of this abuse. Unfortunately there's every likelihood it will be from an unknown address that doesn't tally with any user on this site, however with a tool such as IP Tracker it is possible to determine the location. Hopefully once a town or city is pinpointed it will become easier to identify the culprit.
This is a really heinous thing to have done. It's also unfortunate it involves another THOTA member at the same time one of their own is under scrutiny.
Hopefully the investigators have all the necessary logs and tools at their disposal.