MD5 insecure?
The article is somewhat misleading: AM's mistake wasn't their use of the "insecure" MD5 hash function. If they'd done what they did but replacing MD5 with one of the recommended, more "secure" replacements for MD5, such as SHA-256, then they would have had no significant increase in security. The problem was what they did, not the precise choice of hash function for doing it.
By the way, passwords were not "stored" with "weakened MD5 encryption". MD5 is a hash function, not a cypher. You don't "encrypt" things with MD5. Bcrypt isn't a cypher, either; it's basically a specialised hash function.
Biting the hand that feeds IT
