Disclosures:
Inappropriate function used to hash passwords but passwords are salted, at least.
Recommended change: Start using “slow” hashes, don't forget to re-hash existing passwords, publish hashing info visibly, then let me know.