Sorry to hear this.  It hasn't affected me directly, as I don't shoot editorial, but still disturbing to hear yet another site targeted by thieves. 

Sounds like a different gang than hit the micros, since the ones on the micros used stolen credit cards, and it sounds like this was a case of hacked accounts.   

I didn't get the letter so I guess my celebs aren't the right kind to steal.

This part always got me. I ran a website back in the dialup days. I'd bet if I went to my members list from 1988 and looked at their email accounts on the Internet, they are still using the same or similar passwords. Some sites force letters and numbers now, and 8 characters, but really, many people have one password for just about everything!

The underlying issue, however, is an industry wide one. A large proportion of the customers we have spoken to whose accounts have been compromised are using the same login and password details across multiple sites, often with very simple and easy-to-guess passwords.

So lets say these buyers have an account at some smaller photo site, which hasn't got tight security, or maybe even one that has sold the list to thieves? Now the accounts and passwords are out, and they raided IS and FT and Alamy?

Don't blame the agencies, unless it's one of them that's behind this.