Possible "inside" job.
That's my guess also, but the article uses the term "hackers" which implies a breaking of the encryption....if it were a matter of simply stealing users' passwords I wouldn't call that "hacking".
Too bad the article doesn't give more detail.