The article fails to mention that the breach was for a third party plugin. This breach is on countless sites across the internet and not just limited to ours.
Their system was compromised and they grabbed user data for us and thousands of others. We cleared our part of the breach and went this route to further security. This is also in place as many members on the internet use the same or similar passwords across all things they use.
We cannot go into detail at the moment as it is being dealt with on a legal level.