Gee whiz, I wonder if they stored all their passwords in unsalted MD5/SHA1 form, too.
Maybe this Eternal Summer of hax will finally get some moronic "web-developers" fired. If you can't secure your site against SQLi, you shouldn't be making a site with moving parts full stop.