If the hacking cause has already been identified what the hell the Theymos / Cyrus are waiting for to address it then fix it ??. it is not a matter if we the users have a "weak password" it is a matter of how the admins store our passwords because they shouldn't store the passwords themselves, they could hire Google, Amazon or any other service to handle user authentication. If they dislike trusting 3rd parties then they should follow some tutorial about hashing + salting , this way the hacker couldn't brute force the database. Using a strong hashing algorithm combined with another complicated salting algorithm should be incredible difficult to hack, not to mention if they enable 2FA to all of us. This way even those phishing sites wouldn't catch us. Here some video about the subject:
YouTube hope someone shares it to them.
They fixed it. They can't do anything about those that didn't change their passwords, but there are auto-lock features for accounts that have remained long-dormant and suddenly reactivate. And trusting a third party is how the passwords were lost. The hacker gained access via the hosting service by social engineering. The passwords were also hashed and salted, but those with weak passwords were bruteforced and broken over time. There's more about the hack at the following link with what happened:
https://bitcointalk.org/index.php?topic=1067985.msg11445725#msg11445725Also, several 2-fa options will be available on the new forum software. There has been a sort of 2f option implemented here though in that now you can lock your account via an email once the details have been changed. It's not ideal but it's better than nothing.