passwords were written to an internal log before completing the hashing process. We found this error, removed the passwords, and are implementing plans to prevent this bug from happening again.

So am I right in thinking that there is zero evidence of anything being stolen?

Greg Morris @GR36