09-08-2006 22:48
You state in the FAQ that the payment info in -that- database was hashed, and someone else pointed out that in that case wouldn't it be useless to you...

In another thread in this section you also state that the payment encryption is irreversible. I assume this refers to the hashing mentioned above. As the person I mention above was wondering, what purpose does this information serve then, if it can't be accessed or reversed? For example, when someone performs a money transfer of some sort, does the database with the unencrypted information spit out the hash of it to check against the information in that database?

You also state further on that no encryption is unbreakable, but combined with your previous statement, by this I assume you mean brute-forcing the CC/PayPal details out of the hash? I'm just wondering what the information was doing there in the first place and what sort of threat level it may represent. After all, you did force a password reset, and those used the same method of encryption according to the FAQ, if not the same strength perhaps.