It's pretty clear the hack is in the client side.
The list of sites alone is clear enough on that, even if you know nothing about them. Someone just had a little lolz with the botnet he owns anyways. TFA advise is totally bogus: They don't post the list of sites to advise people to check their accounts, they do it because it's their excuse for posting a list of x-rated stuff on a non-x-rated site. Pure sensationalism.
We may have a look to see of the logs go back far enough to tell us which browser version, OS, and toolbars or addons those members were using.
Or which desktop dancing nude woman they installed, or old version of flash player they use, or any other of a thousand possible problems.
Most people don't realize just how many (usually windows) PCs out there are owned by hackers. When some botnet runs an attack, we don't realize because the numbers are so big its just a statistic.