I have a mysql database that allows a customer to view an order they have made. The usernames and passwords only allow a customer to view but not change anything.
At the moment the passwords are stored as plain text. I have seen many security articles saying this is bad and that should someone crack into your database they can steal all your passwords. My problem is I'm confused, but it seems and correct me if I'm wrong (which is why I'm asking ) :
If someone breaks into my database then the only use of a password is to log into the system and see a users information. However if they have access to the database they already have access to the users information.
1) Text passwords + Cracker gains access to database = user data stolen
2) Encrypted passwords + Cracker gains access to database = user data stolen
Is there any point hashing the passwords?