Some points before people starts panicking:
The hack took place between March and May 20 of this year
The hackers needed to know the email addresses, passwords and phone numbers linked to the affected Coinbase accounts, and have access to personal emails
Although obviously Coinbase said that there's no evidence that the users' data comes from them, it looks too much like it. Either somebody from inside has sold users' data to a malicious 3rd party, either Coinbase user database was hacked and they didn't notice. Of course, from there to actually accessing users' e-mails there's still some work to do.
The warning, however, is the same as always: don't keep at centralized exchanges too much money and for too long. Not your keys, not your coins.