I find it hard to believe they brute-forced my password, along with all the rest, as it is long and secure.
A good password should be at least 15 alphanumeric characters, which at 1 billion comparisons a seconds takes 7 million years to test all combinations. It would take a humongous amount of computing power to crack that in a few days, even if you split it up amongst tens of millions of machines.
And that's just for one 15 character length password, and each character adds 36 times the number of combinations.
If you're using non-alphanumeric characters, like @,$ etc it takes exponentially longer to crack.