In the last few days some BitMarket accounts were compromised. Because it's not just one case, I decided to disable the site until I'm certain how it happened.
From what I can tell now, accounts were accessed normally, using their respective logins and passwords. We store only hashes of our passwords in the database, so it's impossible to get them from there.
Are the passwords salted using random salts? If not, rainbow tables are available for common passwords using common hashes, and the hashed passwords may well have been leaked from bitmarket.eu itself or from a backup or any offline copy. And even if salted, weak passwords may be found using a brute-force dictionary attack against the hashed passwords list, even if it takes more time.
It looks like at least one user whose account has been hacked was using a unique but weak password. That would match this scenario.
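
To illustrate the salting question raised in the reply above, here is an added example (not part of the thread and not BitMarket's code) that contrasts a bare unsalted hash with a per-user random salt and a slow key-derivation function. The user names, the sample password and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to your own hardware


def unsalted_hash(password: str) -> str:
    """Weak scheme: a bare fast hash, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_digests(stored: Dict[str, str]) -> List[List[str]]:
    """Return groups of users whose stored digest is byte-for-byte identical."""
    groups: Dict[str, List[str]] = {}
    for user, digest in stored.items():
        groups.setdefault(digest, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


if __name__ == "__main__":
    # Constructed sample: two users who happen to pick the same password.
    users = {"alice": "hunter2", "bob": "hunter2"}

    weak_db = {u: unsalted_hash(p) for u, p in users.items()}
    strong_db = {u: salted_hash(p) for u, p in users.items()}

    # Unsalted: identical digests, so one precomputed table entry covers both.
    print("unsalted collisions:", shared_digests(weak_db))
    # Salted: every record is unique, so a precomputed table does not apply.
    print("salted collisions:  ",
          shared_digests({u: d.hex() for u, (_, d) in strong_db.items()}))
    salt, digest = strong_db["alice"]
    print("verify correct password:", verify("hunter2", salt, digest))
```

The salt only defeats precomputed tables; a weak password can still be guessed from a leaked record, and the iteration count merely raises the cost of each guess.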