[talon88]

Breach is generally detected in one of two ways - information is sold and that leads to scrutiny when users write in, and/or you have auditing mechanisms (ip geolocation, for example) which points out behavior that does not seem to be correct.

Once you see this, you run through a full audit of all of your accesses, searching for things that don't fit a pattern. Logins of your admins — did they login at some time that they don't usually? Was there a login from a Russian/Chinese/Unusual IP? Did someone go into something they usually shouldn't? It's not an exact science, which is why it's really hard to do — you may never be sure what exactly was compromised.

Finally, how likely it is that other sites are breached: highly likely. The problem is that when you have leaked email/passwords, there's a large number of people that reuse passwords, and those people can be working at Blizzard, banks, or other companies. Unless they have proactive intrusion detection scanning in place, you don't know until after they've come in, looked at what they wanted to, and left.