In simple English: An "unsalted password hash" is practically the same as "your plain-text password". "Decrypting" an unsalted hash is trivial. So Thingiverse leaked your password (and email) and if you've used that somewhere else, too, consider that account breached as well.
"unsalted [...] password hashes" ... I have no words. Change your passwords NOW.Show this thread
The tweet says unsalted SHA-1 *or* bcrypt (which is fine). They were likely in a transition between the two and never finished it or did it correctly. Unfortunately, unless Makerbot provides more info you need to assume you’re in the first category, especially for long time users