"Experts at LeakedSource, a breach notification website, believe that VerticalScope, which owns sites like VWVortex and TTAC, may have stored too much data in one or several connected servers. The volume of data cracking one server may have given hackers access to several others, as they say, “there is no other way to explain a theft on such a large scale.”
Furthermore, a database sample given to ZDNet shows passwords that were hashed and salted with MD5, an obsolete method that is now too easy to decipher. In addition to passwords, email addresses, the site visited and a user’s IP information (which can be sometimes be used to determine location) are all listed in conjunction with the usernames that were compromised.
Lack of HTTPS encryption and the use of vulnerable older versions of the vBulletin forum software were other weaknesses in VerticalScope sites noted by ZDNet. So far, they note, the data has not appeared for sale on the dark web."
In English: VS bought a bunch of sites that were using obsolete security features and old software which had not been updated. These sites were hacked. Everything else is "we believe", "maybe", "possibly", "we see no other way". That's nothing more than supposition and educated guesses.
When VS discovered the problem they told us and demanded we take corrective measures. These initial corrective measures may be overreaction, they may not be. They also admitted these actions may be overly extreme and, if so, will be modified in the future.
I suggest waiting until the initial panic subsides before pointing fingers and laying blame. Let's see how they go about solving the problems.
Until then, change your password.