Kevin -
He has a six month old kid so I am assuming it was "Must escape from baby" time in his household
Actually I was off on my statistics - it took six hours, 32x 1080TIs and another ~50 other, smaller GPUs..
Under "Breaches you were pwned in" it says "Online Spambot"
I can't see how a spam bot would have got the password though - I don't follow email links unless I absolutely trust them, and even then, I go to the homepage of the site by typing it in on the address bar.
Allen, then further down the page you should see:
Onliner Spambot (spam list): In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.
Compromised data: Email addresses, Passwords
A spam Bot didn't get your password, a spam bot was
using your password (potentially). This would be the breach I just noted as needing only 6 hours for a single individual to crack the password hashes - organised criminals would have even more power at their disposal.
Basically .. change your password(s). Everywhere, because Troy (who runs HIBP) isn't going to tell you which password has been compromised. Theoretically I could find out via Justin (the aforementioned individual with time on his hands) but I can't really pimp him out as a service
FWIW, he worked out that ~95% of his Facebook friends all have their details (including password, including mine!) in that dump, so you're not alone.