[ceejayoz]

The article states "the group provided 100 credential pairs". That indicates one of a couple things; a) lying attacker providing old hacked accounts, b) unsalted or weakly salted credentials vulnerable to rainbow tables or brute force or c) plaintext storage.

[DistractionRect]

Or it's just credential stuffing matching email with plaintext passwords from other old breaches, or they created 100 accounts and thus know the password, etc.

Until a more detailed investigation/write comes out it's difficult to say for certain what they have, if anything.

[taeric]

It could also be colloquial use of "credential pairs." In that it could be that they were, in fact, hashed; but the report went with a quick verbiage to say they were leaked. Especially considering that most hashing/encoding tricks will go out of date and many common passwords will still be as effectively leaked.