the funny thing is that they wrote if there is something on the website than we should not belive it and a few days after that, a list of accounts is on their address. that aren't hackers, just scammers.
that was the plan from the beginning. steal money and make money with the accounts to get more and more money.

if really someone is beliving that this was an hack... sorry but than you are to stupid for this world.

normal developers will encrypt or hash passwords. a lot of websites don't do that. not because they want to make bad things with it but only they are not prepared for vulnerabilities on their site.
but in this case there was a plan behind that. i'm sure.

that none of the admins replied to that list and discussion shows the intention behind that all.