No, they really did get hacked- or at least someone leaked their accounts. Find yourself here:
<snip>
Then, someone started cracking the MD5 password hashes and then, with passwords in hand, trying various accounts until they found one with lots of money. There is a $1000 per day withdrawl limit, so in order to get more bitcoins out, they had to crash the market close to 0 first. And that is what happened today.
The End.
Started cracking MD5 hashes? You have no idea what you are talking about.
The passwords in the accounts.csv are not MD5.
More likely, a hacker got access to the serer, did the damage he did ( dump BTC on the market from 1 account or something) and figured: while I am here, I might as well spice things up and make a full dump of the users database table.
These are salted MD5 hashes as generated by
crypt(3), breaking these using brute force should be quite complicated (if the crackers did not discover another MD5 weakness).
BTW: I found my fresh account there too. Fortunately I did not have any BTC or USD there yet. I hope they implement better security measures and do a code review before going online again.