I think that what the user implies here is that the email address (rather than the password) was leaked. Maybe the password was just weak. But there’s not enough evidence.
But the account is from Jan 2013. Maybe not bcrypt yet. If password was never changed, is there a chance that the used algorithm was weak and crackable, and so in the event of a leak this could actually be a problem?
