https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback
"SHA-512 multi-iteration salted hashing is in enabled and ready for when we get users reactivating their accounts."
I used to use a SHA-512 multi-iteration salted hashing scheme for my website's account passwords, and after the Gawker attack and about 5 other HNers telling me it was not as secure as bcrypt, I decided to test cracking my own hashed password with a GPU brute force.
All I can tell you is that it is NOT secure. Even with multi-iteration salting. It's just too FAST, that's the problem. BCRYPT allows you to adjust the WORK FACTOR to make it SLOWER and therefore not economical to brute force passwords.
----
After the hacks and now knowing that they are UPGRADING their password hashing scheme to a process I used TWO YEARS ago, I will safely say that I will not use MtGox now or in the future.
The question here is, considering what they are doing (i.e. handling monetary transactions), shouldn't they have implemented a better hashing strategy from the beginning? After this, I'd say they are not the best source for security advice...
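The adjustable work factor and the re-hash-on-reactivation step discussed in this thread, as an added example that is not part of any post here and not MtGox's code. Python's standard-library scrypt stands in for bcrypt (which the standard library lacks); the record layout, the legacy iteration count and all function names are assumptions.

```python
import hashlib
import hmac
import os

LEGACY_ITERATIONS = 1000  # assumed iteration count for the old scheme
TARGET_COST = 14          # work factor: each +1 doubles the cost of one guess


def legacy_hash(password: bytes, salt: bytes) -> bytes:
    """Multi-iteration salted SHA-512: cheap per guess, so GPUs scale it well."""
    digest = hashlib.sha512(salt + password).digest()
    for _ in range(LEGACY_ITERATIONS - 1):
        digest = hashlib.sha512(salt + digest).digest()
    return digest


def slow_hash(password: bytes, salt: bytes, cost: int) -> bytes:
    """Tunable-cost KDF (scrypt here as a stand-in for bcrypt); N = 2**cost."""
    return hashlib.scrypt(password, salt=salt, n=1 << cost, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=64)


def new_record(password: bytes, cost: int = TARGET_COST) -> dict:
    """Store scheme and cost next to the hash so the cost can be raised later."""
    salt = os.urandom(16)
    return {"scheme": "scrypt", "cost": cost, "salt": salt,
            "hash": slow_hash(password, salt, cost)}


def login(record: dict, password: bytes, target: int = TARGET_COST):
    """Return (ok, record). A successful login upgrades legacy or weak records."""
    if record["scheme"] == "sha512-iter":
        candidate = legacy_hash(password, record["salt"])
    else:
        candidate = slow_hash(password, record["salt"], record["cost"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(candidate, record["hash"]):
        return False, record
    # The plaintext is only available at login, so this is the moment to re-hash.
    if record["scheme"] != "scrypt" or record["cost"] < target:
        record = new_record(password, target)
    return True, record
```

Accounts that never log in again keep their legacy hash, so a migration like this still needs a forced reset or expiry for dormant records.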