This is nonsense, of course. Several of the hashes are googleable.
Sometimes I feel like web app security is still where unix security was 30 years ago. Before /etc/shadow.
(edit: and before setuid programs realised they should do privileged operations early then drop privs asap.)
Also, pastebin link because it's not included in the article: http://pastebin.com/tkmZDG9m
bcrypt is good at what it does, but that is such a limited domain that it is insignificant next to the decades of security research and experience that many popular modern web apps blindly ignore.
What does bcrypt have to do with the principle of least privilege, for example?
Trying to contain the exposure may actually make it worse.
In a perfect world, good journalism would mean linking to one's sources anyways.
Once the cat is out of the bag, obscurity is more harmful than beneficial.
Of course when big business gets hurt, they have more influence but still.
Isn't this a third-party server responsible for those "how was your shopping experience today" pop-ups?
edit: I don't believe it's third-party however. But the important takeaway here is that this isn't related to Apple's iTunes accounts; rather it's a survey.
Technically, yes, Apple was hacked. But realistically... no, it wasn't.