The more interesting topic for me is how the hackers got into the database to begin with. IMO, that's a bigger security flaw than how the user passwords were stored.

This is like criticizing somebody for using "1111" as the combination for a safe inside of a house while ignoring that the homeowner leaves the front door to the house wide open.