The vulnerability wasn't within the MySQL database management system. Apparently a customer view application on the website (mysql.com) let the hackers through.
The hackers got into internal databases, tables, usernames and passwords. Apparently passwords from Sun.com were not hit but only tables and emails.
All the information was then dumped to Pastebin.
Hackers throughout the world are highly amused that the Director of Product Management used a 4-digit number for his WordPress account's password.
The glorious MySQL team has yet to fix this bug.
Apparently MySQL.com is also subject to a cross-site scripting vulnerability (XSS). This flaw was found in January and does not appear to have been repaired. More here.