It appears that there has likely been some sort of data breach, however it's worth noting that the phishing e-mails do not attempt to identify users by name, and the simple fact that they are asking for passwords likely indicates that the attackers do not have them.<p>Best guess is that the database of some bulk e-mail service was somehow compromised.