Not true. The announcement was that password hashes (not passwords) were stolen. Read on this web page what hashes are -- and various degrees of security of the mechanisms that create and check them. As posted in this thread, I believe upgrading the security module (with stronger algorithms) forced a global password reset.If this site was hacked the way others were, the user IDs and passwords were taken. You should have been explicit in the notification that it was passwords that were stolen. So yes, we should change passwords here, but more importantly, we should change any passwords that match it.