When NXT accounts were hacked, was there any brute force case, or were they all hacked by stolen passwords, or was the password some "movie phrase" or such?
1.5% of NXT accounts are trivially crackable with a 15 line script and a widely-available passphrase list (the rockyou leak dataset).
I've let my script keep running on more lists since then and at current measure have recovered the passphrases of a little more than 3% of all accounts that have ever been used. Since genesis ~8M NXT has been sent to these "weak" accounts.
As I pointed out in my original post, my motivation for doing this was to investigate the root cause of the rash of thefts that had been reported (since I suspected weak passphrases) as well as prod the devs to drop the brainwallet-based key management scheme as the default option. I actually cracked the genesis account a few days ago but originally thought my code was just buggy when I saw its balance was negative ... LOL.
As a side note, I should point out that widespread knowledge of the genesis account key isn't a security issue per se. Although I'd advise devs to be defensive moving forward about the possibility of integer overflow/underflow whenever dealing with amounts/fees now that the whole world has access to an account with a negative balance.
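The weakness described in the answer above is structural: a brainwallet derives the private key from nothing but the passphrase, so every entry of a public leak list such as rockyou maps to a key that anyone can precompute. The defensive counterpart is to refuse such passphrases at account creation. The following is an added example, not code from the original post or from the NXT project; the leak-list entries are a constructed stand-in for a real file, the mangling rules and the 80-bit threshold are assumptions of this example, and the entropy figure is only a character-class upper bound (a real screen would also load the full list).

```python
"""Screen a brainwallet passphrase before accepting it (added example, not NXT code)."""
import math
import re
import unicodedata

# Constructed stand-in for a leaked-password list such as rockyou.txt.
# In practice load the real file and normalise every entry the same way.
LEAKED_SAMPLE = {
    "123456", "password", "iloveyou", "princess", "rockyou", "letmein",
    "qwerty", "may the force be with you", "to be or not to be",
}

# Undo common manglings so "P@ssw0rd123" is compared as "password".
LEET_MAP = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e",
                          "4": "a", "5": "s", "7": "t", "!": "i"})
TRAILING_JUNK = re.compile(r"[\d\W_]+$")

MIN_BITS = 80  # assumed policy threshold for a secret that can be attacked offline


def normalise(passphrase: str) -> str:
    """Canonical form used for the leak-list comparison."""
    text = unicodedata.normalize("NFKC", passphrase).strip().lower()
    text = TRAILING_JUNK.sub("", text)      # "password123!" -> "password"
    text = text.translate(LEET_MAP)         # "p@ssw0rd"     -> "password"
    return re.sub(r"\s+", " ", text)


def estimate_bits(passphrase: str) -> float:
    """Upper bound on brute-force entropy from the character classes present."""
    pool = 0
    if re.search(r"[a-z]", passphrase):
        pool += 26
    if re.search(r"[A-Z]", passphrase):
        pool += 26
    if re.search(r"\d", passphrase):
        pool += 10
    if re.search(r"[^A-Za-z0-9]", passphrase):
        pool += 33
    return len(passphrase) * math.log2(pool) if pool else 0.0


def assess_passphrase(passphrase: str, leaked=LEAKED_SAMPLE):
    """Return (accepted, reason): reject leak-list hits and low-entropy strings."""
    if normalise(passphrase) in leaked:
        return False, "appears in a leaked-password list"
    bits = estimate_bits(passphrase)
    if bits < MIN_BITS:
        return False, f"estimated {bits:.0f} bits, below {MIN_BITS}"
    return True, f"estimated {bits:.0f} bits"


if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd123", "May the Force be with you!",
                      "Xy9!", "k7#Rv!pQ2zLw9@Tm"):
        print(repr(candidate), assess_passphrase(candidate))
```

Note that the movie-quote case from the question is caught only because the list contains the quote; the entropy estimate alone would pass it, which is why membership in a leak list must be checked first and with the same normalisation applied to both sides.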
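The side note about integer overflow and underflow is the other defensive point: once an account with a negative balance exists, any amount or fee arithmetic that is allowed to wrap becomes a way to mint or move funds. The following is an added example, not code from the original post or from NXT; it assumes amounts are held as signed 64-bit integers (Java long) and emulates that range explicitly, since Python integers do not wrap on their own.

```python
"""Range-checked transfer validation for 64-bit balances (added example, not NXT code)."""

MAX_LONG = 2**63 - 1
MIN_LONG = -2**63


class InvalidTransaction(ValueError):
    """Raised for any transfer that would leave balances outside the valid range."""


def wrap_i64(value: int) -> int:
    """What unchecked Java long arithmetic would do: silently wrap modulo 2**64."""
    return (value + 2**63) % 2**64 - 2**63


def checked_add(a: int, b: int) -> int:
    """Add two longs, refusing any result that does not fit in a signed 64-bit value."""
    total = a + b
    if not MIN_LONG <= total <= MAX_LONG:
        raise InvalidTransaction(f"{a} + {b} overflows 64-bit range")
    return total


def validate_transfer(sender_balance: int, recipient_balance: int,
                      amount: int, fee: int, min_fee: int = 1):
    """Return (new_sender_balance, new_recipient_balance) or raise InvalidTransaction.

    Every input is range-checked before any arithmetic, so a negative-balance
    account (such as the genesis account discussed above) can never spend, and
    no combination of amount and fee can wrap past MAX_LONG.
    """
    if not 0 <= amount <= MAX_LONG:
        raise InvalidTransaction("amount out of range")
    if not min_fee <= fee <= MAX_LONG:
        raise InvalidTransaction("fee out of range")
    total = checked_add(amount, fee)          # rejects amount + fee wrapping
    if sender_balance < total:                # also rejects negative sender balances
        raise InvalidTransaction("insufficient balance")
    new_sender = sender_balance - total       # cannot underflow: sender >= total > 0
    new_recipient = checked_add(recipient_balance, amount)
    return new_sender, new_recipient


def transfer_is_valid(*args, **kwargs) -> bool:
    """Boolean wrapper around validate_transfer for callers that only need accept/reject."""
    try:
        validate_transfer(*args, **kwargs)
        return True
    except InvalidTransaction:
        return False


if __name__ == "__main__":
    print(validate_transfer(100, 0, 60, 1))                 # (39, 60)
    print(transfer_is_valid(-1000, 0, 10, 1))              # False: negative balance
    print(transfer_is_valid(50, 0, MAX_LONG, 1))           # False: amount + fee wraps
    print(wrap_i64(MAX_LONG + 1) == MIN_LONG)              # True: what unchecked code does
```

The key design choice is that the sender check compares against the already-validated total rather than subtracting first and testing the sign afterwards; the latter ordering is exactly where a wrapped value slips through.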