Hacker News

pseudohadamard, last Saturday at 7:30 AM (2 replies)

TFA says it all in the first sentence describing the problem:

  The Bug

  Mode 4 uses AES-256 in ECB mode ...
ECB is the least secure encryption mode you can use, the one that's warned against in every beginner text. Seeing this is a bit like seeing "We vibe-coded our firewall in PHP..."; it's pretty much a written guarantee that the rest of it will be a catalogue of wrong.

They did use AES-256 though, because using keys that go to 11 for your insecure encryption looks good in the marketing materials.


Replies

adrian_b, today at 11:13 AM

The problem with ECB is that you must know when to use it. It is not recommended only for the people who do not know cryptography, so they are not able to judge when the use of ECB is right and when it is wrong.

ECB is as secure as any other mode of operation if you only encrypt values that are never repeated, e.g. values produced by a counter, or if you encrypt values that have negligible probability of repeating, e.g. random values, such as secret keys. The defect of ECB is that if the adversaries ever see the encrypted form of 2 identical values, they will know that those values were identical, which may help them to decrypt the message, or not, but such a risk must be avoided.

As another poster has said, here the main problem was the key derivation method used by them, which produced low-entropy keys that can be found by brute-force search.

In general, it is quite rare to be able to break even the weakest methods of encryption that are used today, when they use appropriate secret keys.

The method used for secret key generation is almost always the weakest part, which can frequently be broken.
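As an added illustration of the point made above (example code, not from the thread or from the product TFA describes): a toy Feistel block cipher stands in for AES, and the same primitive is driven in ECB mode and in CTR mode to show that ECB leaks which plaintext blocks are equal, while feeding the block cipher a never-repeating counter (which is what CTR does) leaks nothing of the kind. The key, nonce and message are constructed for the demo.

```python
import hmac
import hashlib

BLOCK = 16  # 128-bit blocks like AES; the cipher below is a toy stand-in, not AES


def _round(key: bytes, half: bytes, i: int) -> bytes:
    """Keyed round function: HMAC-SHA256 of the round index and half-block, truncated to 8 bytes."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    """Encrypt one 16-byte block with a balanced Feistel network (a keyed permutation, as any block cipher is)."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in range(rounds):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, right, i)))
    return left + right


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: every block is encrypted independently, so equal plaintext blocks yield equal ciphertext blocks."""
    assert len(data) % BLOCK == 0
    return b"".join(block_encrypt(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))


def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: the block cipher only ever sees nonce||counter, a value that never repeats under one key."""
    out = bytearray()
    for n, i in enumerate(range(0, len(data), BLOCK)):
        keystream = block_encrypt(key, nonce + n.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], keystream))
    return bytes(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Count duplicate 16-byte blocks: a cheap check that flags ECB-style leakage in a ciphertext."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))


# Constructed sample values: a fixed demo key, a zero nonce, and a message whose first three blocks are identical.
KEY = b"constructed-demo-key-not-secret!"
NONCE = b"\x00" * 8
MESSAGE = b"balance=000100;;" * 3 + b"balance=999999;;"

if __name__ == "__main__":
    print("ECB duplicate blocks:", repeated_blocks(ecb_encrypt(KEY, MESSAGE)))         # 2
    print("CTR duplicate blocks:", repeated_blocks(ctr_encrypt(KEY, NONCE, MESSAGE)))  # 0
```

The duplicate-block count is the same test used to spot ECB in the wild: three equal plaintext blocks become three equal ciphertext blocks under ECB, but distinct blocks under CTR because the cipher input differs every time.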

CodesInChaos, today at 6:45 AM

While ECB is rather insecure, it doesn't enable full decryption of the message unless you have access to a padding oracle or similar. The 32-bit key is the real problem.