in reply to
Re^3: Status of Recent User Information Leak
in thread Status of Recent User Information Leak
Also, hashing the passwords does not make them that much safer. Are you talking md5/sha1 hmac stuff like the Linux shadow files? Well, a few hours with john will get you a huge majority of the passwords I imagine, even with salts.
Absolutely, they had access to all the code base.
Probably this was a bad design decision unique to this particular e2 site.
I just checked, it is the default in the codebase. Maybe other sites wrote updates, but they haven't made it back to sourceforge.