It looks like iStockphoto suffered a phishing attack yesterday, March 3rd. Details here.
Phishing isn't a compromise of their website as such, but it was tricking users into following links via forum messages/site mail, which then led to a fake page asking for username and password.
It's confidence-inspiring that iStock discovered the problem relatively quickly and took the site offline to clean up the mess, but slightly odd that the incident and recommendation to change password is somewhat buried in their forum. I actually found out about it on a competing site's forum!