This morning I received spam from an affiliate of a company called JBET Poker. I've never heard of them, but my mail filters filed the mail as something other than spam so I investigated further. The spam was sent to an address that I gave only to Full Tilt Poker.
It seems that Full Tilt has had some sort of security breach, sold their database, or has otherwise allowed their data to get into a spammer's hands. As they have had that address for years, I can draw no conclusions about when the leak happened, and I certainly don't know how it happened.
I monitor my domain on a daily basis for dictionary attacks and other nefarious spammer tricks, so I am highly confident this wasn't just a randomly-guessed address.