Some poorly designed databases use MD5 of an email or username as a pseudo-anonymous identifier. This hash could be a token for user@example.com .