Update (September 16, 2004):

Further research has revealed that the problem is more severe than originally reported. In addition to the looting of E.Mail addresses of SpamCop members, the security breach also allowed access to passwords. It is unknown exactly how many passwords were compromised. These passwords would allow a clever spammer to change usernames, change passwords, change reporting E.Mail addresses, in essence to lock out a SpamCop member. Members who received the "appology" [sic] letter from SpamCop are strongly encouraged to change their passwords.

Original story (September 5, 2004):

Like everyone, nobody likes spam and does more or less whatever it takes to avoid it. So it came as a real shock to thousands of SpamCop users when they received a notice several weeks ago that their E.Mail addresses had been looted by spammers via a known security hole at the SpamCop.NET site.

The problem had been discussed with SpamCop administrators, but for unknown reasons was not fixed for over two weeks. When the problem went live on Security Focus/BugTrak (a last ditch effort to force people to fix security holes), spammers began looting the files in less than two hours. Shortly thereafter, the files were removed from online access and not reuploaded 'til new security was emplaced.

Why it took so long to remove the files (or fix the bug BEFORE the looting) is a good question with no forthcoming answers. To the estimated 80,000 spam fighters whose addresses were looted it's also very personal. Several test address have seen their spam increase by 20% since the fiasco, virtually all of it in porno with sex pictures embedded.