This is so predictable. Large databases are valuable targets for theft.
It seems like the vulnerability at 23 was users who used the same password on another site.
Presumably the attackers had those databases (easy to obtain peeps, thats why we use different passwords and password managers) and a good script that let them login and download. Probably over a whole lot of proxy IPs, so it was hard for 23 to see that they were under attack for a while.
Don't know what else to say... Maybe 2 factor authentication should be more common. I guess with them you could spit on your monitor and it should log you in.
If that's the only issue it seems a bit of a far reach to say they were breached.