So, the fucking spammers got access to b.com through a vulnerability in some PHP code, this means that they had access to your email address and hashed password. The password is not stored cleartext, but can still be brute-forced and weak passwords will be easily cracked.
Hopefully none of you are using your b.com username/email/password on other more important sites, like paypal/banking...