They notified SP, and it seems Flippa originally created a blog post explaining what had happened, but swiftly removed it. The link to the web cache of the missing blog post can be found in the article - Flippa.com Hacked? | Find Websites to Buy with FlipFilter.com
Now the mystery Flippa post claims that admins do not have access to user passwords, which makes sense as almost any app designer will encode their passwords with MD5 or something stronger before storing them in the database.
Since yesterday however, I've spoke to two people who claim they've been locked out of their account. Is this a hoax / coincidence or is any one else experiencing problems too?