I don't see myself on the list, though I imagine I complained here. I was using a unique password, but someone looking at all my exposed passwords might have been able to generate it given a high enough number of attempts. Particularly interesting in my case, they spambombed both the email address associated with my Alaska account now and the email address I had used on signup. I initially assumed this was to hide a redemption email, but I do not receive redemption emails. They did not attempt to change anything in my account, either.

Anyway, now I have to call into Alaska to get them to unlock my account every time I want to book an award. I find it absolutely crazy that they haven't added MFA given the scale of these hacks.