JoshW said:
Was going to post similar to this, and basically say the only data UKC will have is your passwords, and that you should avoid having similar/same passwords for all your websites, and password managers (iOS has one built in there is plenty available on app stores) are an absolute godsend.
This is where clever maths happens
The 'good' sites won't even store your password; no-where in the UKClimbing database were passwords stored so if you have been affected by the hack then your password _shouldn't_ actually be leaked. Obviously you can't trust sites not to store your passwords insecurely, and some sites may be malicious or be hacked to store passwords. So you should still use a password manager.
So how do good sites verify your password when they don't store it?
Instead they store a 'hash' of your password, mixed with a 'salt' (which is basically a site password). A 'hashing' function takes an input and produces an output with little to some computational effort. So if your password was 'mypassword' and the salt was 'UKCsecretpassword', you could combine the two to get 'mypasswordUKCsecretpassword', and then after running the hash you get something like 'SDfshtdshFDSgds9585tsdg5'.
The key is that a good hashing function is one-way - if you give me the input, I can easily generate the output, but I cannot easily generate the input from the output. So UKC can ask for your password, add their salt, and then hash it - and then compare to the hash they have one file. If it matches, then you have the correct password. But the bad guys who have stolen your hashed password cannot find out your password from the hash.
Some older hashing functions have been broken or are weak; if a website has used one of these then the bad guys might be able to crack your password from the hash. But if the website is using a good modern hashing function (and using it properly), the bad guys cannot ever work out your password (because it is just too much computational effort).
Why use the salt? It just makes the passwords longer and therefore more secure. People have generated tables of common hashing functions, so they have basically made a list of all the common possible passwords (words, words with a number 1 on the end, words with a number 1 and a ! on the end, see the Michael McIntyre sketch) and calculated the hashed. This takes a very long time, but it would mean people could rapidly look up common passwords from stolen password hash lists - they wouldn't get everyone's password, but they would get some. In reality the salt will be a reasonable length random number, so pre-calculated tables won't include those possibilities. Even if the bad guys find out the site's salt, it would still be a lot of computational effort to recalculate a table.