Yeah, that to. Plus he's basically selling other people's property and violating the licenses of all those non-commercial tools and mods.
As an aside, tho: don't be worried about the passwords.
If he used any modern 3rd party forum or had half a brain while programming his own, the passwords are not stored in plaintext.
The passwords have most likely been MD5 hashed and had their hashs stored.
Hashs, by their nature, cannot be decrypted (hashing is not an encryption method -- hashing loses information, encryption retains information).
In theory it'd be possible to brute force generate passwords for those hashs and try them in combination with the user names or e-mails at other websites, but unless someone who hates you personally happens to buy that website, it's not a problem for you.
The bigger problem is that he is selling your e-mail adresses and you probably didn't agree to that when signing up -- try to find a cache or backup of the ToS text if you want to verify that. The
Web Archive could help.
He is allowed to sell the domains and whatever code he wrote and is NOT based on third party software he didn't get the expressed permission to resell (i.e. most non-commercial/open-source forums and CMSs) for, tho.
Hint:
Contact all parties whose properties he is attempting to sell. That includes Silver Style, Interplay (hah -- don't expect an answer) and
PHPKIT (their
ToS forbids any commercial use).
EDIT:
I've reported him to eBay.de (which won't do anything because they only abort auctions that violate their policy in a blatantly obvious way -- may be easier in the US) and sent him a mail with a list of parties whose licenses he is violating and what he can sell legally (= the domains).
Not that that'll do much.
that really rocks 