The truth of the matter is that all sites are hammered constantly. I checked some of my sites that get very little traffic and I have neglected because they are old projects I no longer have any interest in. They are just about all hammered. One site was hacked and they put a link in the footer of the site, so that my copyright notice actually linked out to their pharma site, or whatever it was.
I guess either way we have a lot of resetting to do. I haven't started mine yet, to be totally honest
The reason I believe my own hacks will have little impact on your security is because:
1. This forum has a strong unique password.
2. If they did manage to hack the site, you cannot see any passwords from the software.
3. The software checks all files daily to see if there are any anomalies. There have never been any anomalies. (This does not apply to the old vBulletin site, which became insecure with age. That was one of the reasons we upgraded to Xenforo.)
4. If the someone get access to my hosting account, you can look at raw data using phpmyadmin. But all the passwords are encrypted.
5. WordPress is up to date on this site and has security software installed on it. A recent scan shows no changes to the files or non_WordPress files.
6. There are currently no known exploits on Xenforo.
Doc, are you saying that your email password was flagged as being hacked?
Please note that the data shown on haveibeenpwned doesn't show the number of sites hacked or passwords leaked, because I imagine most are done by bots and never make it to any list at all.
Curious if anybody else reading this thread has had adverse results from the haveibeenpwned site?
Edit: Just so you can see the Wordpress check: