There’s a distinction to be made between a “reported breach” and a “verified breach” that allegedly obtained user data.
“Verified” generally means that a known e-journalist took the time to verify that the information contained in the “reported” breach was, in fact, accurate.
But often the e-journalist doesn’t have access to the data or even a source to confirm that the breach is real, so the e-journalist will often downplay any breach reports that they haven’t verified (or seen solid confirmation of) because it downplays their brand.
To an e-journalist, the brand is more important than the facts.
The problem is, the real world doesn’t give two shits if they verified it or not. If actual data was breached, then it is available on the Silk Road or reasonable facsimile. End of story.
So the question to you, the user, is this: did you have an account there?
If the answer is yes, then change your password at the very least.
That is the survival guide to the internet, in a nutshell, right there.