Well that’s… damning. You simply don’t have that many matches without there being a very high likelihood BeerAdvocate had suffered a data breach. For every one instance of an email address or password with the string “beeradvocate” in it there’ll be another 100 instances that still came from their service but didn’t use a customised email alias or (let’s face it) very poorly chosen password. On the balance of evidence, they had indeed been breached and their data rolled in with at least the two other organisations into what was now effectively a credential stuffing list.
Source: Troy Hunt: How BeerAdvocate Learned They’d Been Pwned