You mean besides the email from Attitude where they admit they had their database hacked and are looking into it? How much more proof do you want?
The point is it wasn't just the email addresses that were hacked. They won't tell us the level of exposure or what was stolen. They've had credit cards stolen before.
You're right, we can't explain why some got the email and some didn't. We also can't explain how Attitude knows who was affected but not what was stolen. Thats the point.
Assuming you are right and they have admitted to a breach (I say 'assuming' because I have not seen this email), then The Attitude is the victim.
You seem to want instant answers when providing them would be irresponsible before all the facts can be gathered.
I am sure their Network Administrators are examining pertinent data to determine the extent of any penetration. And that takes time.
I don't know much about network security at this point, but I do know that every network exposed to the internet is vulnerable to attack to some degree or another. The question is not if an attack will occur, but when it will occur and how bad will it be.
In my opinion calling for a boycott at this point is premature.