[SigmundA]

No a one-way hash is not "the password". If you have the hash you can't use it to login or reverse it to a password without brute force comparison which is why you always store a hash with salt using slow hashing algo, and not "the password", this has been best practice for years so a DB breach does not mean the password are compromised.

[hot_gril]

Right, but if someone mentions passwords in a non-technical context like a random Twitter threat, it's possible they mean the hashes.

[endisneigh]

I agree, but it's still the password in that it's the secret set of characters needed to be compared against to login. It's just not the same text a user would enter when prompted for the password.

Keeps in mind these hackers are the ones saying they have passwords and this is Microsoft. Most likely hashes.

[SigmundA]

I disagree you cannot use the hash to login, therefore it is not a password. Is a digital signature the item it is signing?

The whole point of hashing passwords is so if the DB containing them is breached the passwords are not compromised.