by epaik 5221 days ago
I believe in an earlier statement they did say that they fixed the vulnerability. No idea why they didn't explicitly state so in this new statement.
2 comments

I don't think there was a vulnerability. As I understood it, somebody stole a support person's credentials and logged in with them.
Yes, but how did they steal the credentials? Did they find a sticky note with the username and password written down? Or was there a vulnerability in the admin interface that allowed someone to sniff credentials? Or did they hack into the personal computer of someone with admin privileges?

Basically, this announcement gives me no confidence that they've done due diligence in fixing this problem. They haven't explained what the vulnerability actually was, nor what they have done to avoid it in the future.

Of course, this does speak to the dangers of using hosted services for anything that needs a high level of security. Anyone with appropriate admin privileges on the host system can compromise any user. That increases the attack area considerably; you don't need to attack the system directly, nor the users of the system in question, you just need to find one person who has admin privileges who is vulnerable, steal their credentials, then attack any users at your leisure.

Ok, I missed the earlier statement. Thanks for the information!