Looking into this more, it appears that they may have stored a hash of the password, but without salt, so it’s fairly easy to find at least dictionary words from the hash.

Wikipedia on hash and salt
en.wikipedia.org

en.wikipedia.org