Even though this will hardly affect me (I use – and recommend – 1Password, so I’m now tapping another random, unique password into all my devices), I’m a bit miffed about how easy it still is to get at user account data in bulk.
After all, even if they did salt the passwords, they were apparently keeping them in a MySQL database (MD5 hashed? seriously?) – and one of the reasons I hate conventional databases is that it’s all too easy to get at entire tables’ worth of data.
I hope this makes them look into not just better auth mechanisms (preferably something that doesn’t allow anything to get at bulk data) but also encrypted data storage.