One Marvin to another-- I think you have to step up on this one yourself. Clearly, some crud-ball did something nasty to you, but it appears that it was done by breaking into your gmail account. It's your job to make that as difficult as possible. Were you phished? Did you follow best practices for avoiding being phished? There is a ton of information out there on how to avoid being phished. Even the most knowledgeable and care get taken sometimes, but were you up on your anti-phishing game?
Or was your gmail password weak? Password managers like LastPass make strong passwords manageable. Google offers multi-factor authentication. If you are not using multi, think about it. I don't know a single computer security professional who does not recommend using multi-factor.
I don't mean to shame you. I've been caught myself, but if you don't do your best to protect yourself, you're shorting yourself. It would be wonderful if Mark could do more to increase Groups.io security, but computing today is built on an insecure foundation and he can only do so much. (Mark-- That's not an excuse to slack off on security-- just a note of understanding!) It's a tough world and no one is in a better position to take care of you than you are to take care of yourself.
I don't mean to self-promote, but I post personal computer security suggestions on my site marvinwaschke.com that might be helpful.
Best, Marv
Marvin Waschke