Some points before people starts panicking:
The hack took place between March and May 20 of this year
The hackers needed to know the email addresses, passwords and phone numbers linked to the affected Coinbase accounts, and have access to personal emails
Although obviously Coinbase said that there's no evidence that the users' data comes from them, it looks too much like it. Either somebody from inside has sold users' data to a malicious 3rd party, either Coinbase user database was hacked and they didn't notice. Of course, from there to actually accessing users' e-mails there's still some work to do.
The warning, however, is the same as always:
don't keep at centralized exchanges too much money and for too long. Not your keys, not your coins.
I would think that if the leak was coinbase the numbers would be much higher.
Thinking about it more, and the fact that they are mentioning a SMS gateway issue I am drifting towards the opinion that the issue was with a bad SMS implementation that allowed messages to be sent to non phone devices (google voice and the like)
Bit of background, SMS providers can tell
MOST of the time if your phone is a real cell or something like google voice and for security reasons not allow you to get SMS messages to those numbers. Even Microsoft does this, I can get recovery texts to my cell, but not my Google Voice or our office VOIP line. I can get normal texts to them all day every day. I have 2 banks 1 will send the SMS to my GV number, the other tells me it's not secure.
So, if I got access to your gmail account (picking on them I am sure there are others that have linked email and phone numbers) and you had your SMS access /recovery phone number set to the google voice number that was linked to that account. Well, it's all over for you. I can reset your Coinbase password, get the SMS, take your money any leave. All with just getting the password for someones
iamadumbass@gmail.com -Dave