Are the powers that be at Ubuntu Forums slack, lazy and far too casual about storing users' info?
Well they did have our information encrypted, to be later salted when trying to crack, so that's not 'too' casual.
There's no such thing as a 'bulletproof' site or business. Take the very recent incident in the US Wendy's burger chain, there were over 1,000 stores where customers' credit/debit card credentials were stolen, and no it wasn't salted, just as with Target a few years back.
Now the banks will be busy informing customers that their cards aren't active (what an inconvenience) & they'll be issued new ones, at the total expense of the banks/credit card issuers. Wendy's doesn't have the financial resources to bear the cost, though they may be penalized in some manner for their 'lax' security.
AnandTech (a popular tech forum) was also hacked, and we had to create new passwords as a result of the breach. Here's a site that can tell one if their email account has been hacked, and this is why I keep my forum/general use email separate from that of doing business.
Look at what it shows when I entered my email.
There's also another site for usernames on forums & social sites, though at the moment I can't find it. Here's an overview of the pwned websites (some known, some not) & approximate number of victims. The scary part is, this is likely a fraction of those who have otherwise been hacked & we don't know it.
One good reason to change passwords regularly. Especially on sites that have one's information, a date of birth, IP & email address can give the criminal a lead to follow. There are legit sites (in the US) that will for a fee, provide this information (reverse search services). These are especially good if considering a babysitter or caretaker for a loved one, or even someone that's met & may have an interest in. Employers routinely have access to one or more of these databases, as they don't want to hire those that don't fit their profile. A criminal record in itself doesn't always disqualify the applicant, rather the offence & how long ago it was. Beginning at going 10 to 30 years post release (the longer the better) clean is a good sign that the former inmate (or probation server) has been rehabilitated.
Note also that these search providers have a disclaimer to cover their backside, there may be inaccurate information in the report. Especially a reverse phone lookup, where there's been a dozen or more using the same throwaway cell phone number, and less frequently, landlines. One must consider the reputation of the search provider before signing up, and though they offer unlimited 24 hour passes, most of these are offered as a subscription by recurring payments. I won't mess with this, at best a one time lookup for 99 cents, or full day pass for $1.99, which can be paid with a PayPal account to prevent abuse. Ongoing subscriptions require a debit/credit card on file, am glad that mine (a government issued card) doesn't permit these types of transactions. Nor at a gas pump.