> Unfortunately, the attackers were able to download the full login > database for both the appdb and bugzilla. This means that they have > all of those emails, as well as the passwords. The passwords are > stored encrypted, but with enough effort and depending on the quality > of the password, they can be cracked. Could you please explain in detail how these passwords were "encrypted"? Were they hashed? Using which hash function? Did you use a SALT? I have a simple password that I use for sites like these, which means that the hackers now have access to other forums and bug trackers I am registered in. It's not a problem for me.
