Please see the following Ethereum Foundation Blog post
for full details.
Accounts created before May 2016 have been compromised by access of a forum backup....
The information that was recently accessed is a database backup from April 2016 and contained information about 16.5k forum users.
The leaked information includes
Messages, both public and private
Username and email addresses
~13k bcrypt hashes (salted)
~1.5k WordPress-hashes (salted)
~2k accounts without passwords (used federated login)
The attacker self-disclosed that they are the same person/persons who recently hacked Bo Shen.
The attacker used social engineering to gain access to a mobile phone number that allowed them to gain access to other accounts, one of which had access to an old database backup from the forum.