said by Letter :
The database that was accessed contained information you would have entered when you first created your account, including your name, e-mail address, user ID and password, your hint question/answer, and if you ever purchased more storage, possibly your billing address.
In short we were not practicing good security by storing your user name and password in clear text instead of salted and hashed. These days it doesn't matter how good your password is, if fools like this give it away.