That would be hampa - game owner/developer.
Telling people to change their passwords etc is about the most that the staff here can do. As moderators and community managers they don't predominantly deal in firefighting and security things.

I'm guessing full details haven't been released because they're not fully know. It's possible that the perpetrator obtained an old copy of /a part of the database - in which case they would have access to birthdays, emails etc etc if that data has been provided here. Contrast that to if they managed to abuse XSS somehow or used phishing then they would typically only obtain login info (and full details of specific targeted/compromised accounts).

I agree that it hasn't been handled optimally and to be frank the security here could be a lot better and seems to just be kept the way it is for...some reason? I don't know really. Security changes seem to be reactionary instead of precautionary as they should be.
Examples of obvious stuff: Toribash uses a vbulletin version from 2009. We don't have SSL (though it's hopefully on the way). There's no login attempt limit in the game client. Etc etc. So if you want to get angry at anyone aim for the top. Put enough pressure on and maybe it'll be enough to incite change.