Did you login at all the day the exploit was released to the public ? I think it was 8th of April..
Does that ring a bell hehe ?
Anyways assuming no one else knew about this until it was released to the public, Theymos said he fixed it within hours... so they could of only gotten your user/pass if you logged in during the window where the exploit was in the wild but before theymos patched it.... if that makes sense.
Someone, I'm sure just testing things out hacked my account and changed my mail. (Didn't change my secret question, which is how I got my account back)
I'm very careful with my password and it is not an easy one to crack, my thoughts are on that the site might have been exposed to the heartbleed openSSL vulnerability and someone could have gotten a list of users and passwords from the server.