There is no reason to store an encrypted password outside of proxying to another system. Where was the key to the stored password? This forum looks poorly designed from a security perspective.
It's obvious that they're using phpbb. Just like wordpress, and other prominent software written in php it has probably several flaws (security or otherwise), so I'd still steer clear of it... but it's safe to assume that in 2016 a major open source project has learnt how to properly salt and hash their passwords...
I don't know if this is the default hashing algorithm, and if they're properly salting them... it's even possible that linuxmint forums are misconfigured and/or that they're using an old version that defaults on md5.
But even if you use Argon2 or Scrypt, it won't do you any good if you picked
"Password1!"
or
"onetwothreefourfivesix"
as a password... it _will_ be cracked! (and thus the suggestion of changing passwords that might have been reused on other services is a perfectly good suggestion)
The key isn't just what software they were using for the forum, but what version of the software. Most sites that get hacked with these scripts are using woefully outdated versions that have various holes in them, usually because they don't want to have to replace/rewrite modifications or themes.
Based on the date, they might have been using a fairly old version of phpBB 3.
Clem (the project leader), and his team have created a great distro, but they have made some worrying decisions in the past that have made me question the team.
This is the distribution that turned off updates (security and otherwise) for some packages because something in their convoluted packaging process broke and they couldn't be bothered to find out why. Use at your own peril, I'd say.
