The issues is passphrase entropy or lack of entropy.
This +9000, I don't think the site is compromised.
Some people probably have tables up and running monitoring all possible addresses created from basic to medium complex pass phrases. Tbh I would not be surprised if the creator of the site is one of them.
* Insu Dra runs off to create a new vps for his new rainbow tables ....