Sad indeed.
It is highly probable that it may have been a case of SQL Injection – a very popular attack, since it is very easy to conduct on sites that are not prepared to meet such.
The site now needs to go through a thorough security audit by competent folks / company.
Security 101: Encrypt all sensitive information. Usernames, Passwords & Emails, so that even if the database gets breached, the hacker would still have another layer that will need to be broken into - the stolen data would need to be decrypted.
They tried to bury us, they didn't know we were seeds.