The article states "the group provided 100 credential pairs". That indicates one of a couple things; a) lying attacker providing old hacked accounts, b) unsalted or weakly salted credentials vulnerable to rainbow tables or brute force or c) plaintext storage.
Or it's just credential stuffing matching email with plaintext passwords from other old breaches, or they created 100 accounts and thus know the password, etc.
Until a more detailed investigation/write comes out it's difficult to say for certain what they have, if anything.
It could also be colloquial use of "credential pairs." In that it could be that they were, in fact, hashed; but the report went with a quick verbiage to say they were leaked. Especially considering that most hashing/encoding tricks will go out of date and many common passwords will still be as effectively leaked.
