This fiasco is another reason why you should always encrypt your address, no exceptions, and it blows my mind that 80% of SR users send their addresses in plaintext, according to stats provided by some vendors. We usually think of the main threat as being LE compromising the server, but mundane shit like this more likely to happen, and you never know who it's going to happen to. A vendor got phished. Luckily this time no addresses were stored on the account, but next time the phisher may try to blackmail everybody whose addresses he gets. Oh, don't want me to turn this info over to your local police department? 50 BTC please. And that's assuming the phisher isn't LE.