I didn't get an email (unless it was a long time ago) but I just tried to login now and I was forced to change it so I did.
Either they are being diligent or it is indeed a database leak. I've moved to using unique passwords for each site now. It's a bit of a pain since I need to always go check my password manager before I login to any site, but at least when there's a leak it will only affect that one site.
Next step I need to do is to use a separate email for each site. That way when I get spam I know what site is responsible.