Or a large number of accounts were created with placeholder credentials which were compromised in mass -- for example, passwords set to dummy values like "changeme", or to predictable values like the student's last name.
It's a good thing to shut down early this type of spam, else other providers might start blocking *.tw domains and it will take longer for them to get unblocked.