This is completely unacceptable. 1) they were storing passwords and 2) they were keeping an old database with sensitive information around that should have been deleted if it were no longer being used. You haven't seen indications that they altered professor ratings on your site? Who cares? What about the fact that email addresses and passwords are now in the hands of criminals? Companies really need to start being held responsible for the results of their lacklustre security efforts.

> These hackers acquired email addresses and passwords for some registered users of the active RateMyProfessors.com website (“Site”). We have not seen indications that the compromised information has been used without authorization or that ratings submitted to the Site were implicated in the incident.

So passwords that likely match most of the email account passwords were stored in plaintext then...?