I currently have that site that your colleague was phished through (http://silkroad6dhggjiv.onion/) under a DDoS attack so it is offline. Hopefully no one else get's phished through that. About your account, only Defcon can change passwords on a vendor account and it has been passed up to him.