Let us start by saying this very clearly: Trion Worlds' security has not been compromised in any way. There has been absolutely no breach in Trion's servers.Trion says that it has begun issuing refunds to affected users and is (by coincidence) buffing its Glyph launcher with new device-specific security features. The studio recommends strengthening all game passwords.
What happened in the last few hours is sadly nothing new: Every day, bots obtain user credentials from various unprotected sites around the Internet, build lists of login and passwords, and try them on Trion's servers (along with many other sites). If players consistently use simple or repeated passwords across different online services, these bots may get access to their accounts. Because of the current momentum around ArcheAge, hundreds of millions of such attempts were made from well over a million different IP addresses in the last few weeks, only a fraction of which ended up being successful today.
[With thanks to tipster Boinya.]