While they probably do not store in plain text and are just encrypting/decrypting, they still are not following the best practices of hashing the password in a one-way method.

Of course, they also shouldn't be sending any password, even a newly generated one clear text in an email like that.

You win an extra internet just for using ‘HUNTER2’ as the example password.