In an email to it's users today, March 6, 2014, comiXology stated:
"In the course of a recent review and upgrade of our security infrastructure, we determined that an unauthorized individual accessed a database of ours that contained usernames, email addresses, and cryptographically protected passwords."
ComiXology also wants users to know that they will never email to ask for personal information so be wary of any such correspondence.
The passwords that were taken were still in a protected format but ComiXology suggests that users change their passwords as a precaution on their site and any other site you use that or a similar password. However, they reassured users in the email that:
"Payment account information is not stored on our servers.... We have taken additional steps to strengthen our security procedures and systems, and we will continue to implement improvements on an ongoing basis... We apologize for the inconvenience."