From their blog post about it:

An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords and authentication data. Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party.

The passwords were hashed and, I'm inferring from their language, salted per-user as well. Assuming a reasonable length password (complexity doesn't matter much here, what we want is entropy) it would take a conventional (i.e. not quantum) computer tens to hundreds of millions of years to crack one user's password.

… my personal Jellyfin server (nor anything else on it) has been hacked…

And I’ve never been attacked by a bear while wearing my goose feather headdress.

https://www.comparitech.com/kodi/kodi-piracy-decline/

https://www.digital-digest.com/news-64644-Netflix-Amazon-Join-Forces-with-the-MPAA-to-Sue-Kodi-Box-Maker.html

Based on our research, comparative search volume for “Kodi” has fallen around 85 percent from 2017 to 2022. Google Trends data reveals the dramatic decline started in Q2 of 2017 and has, for the most part, continued that trend up to this point. Consequently, the decline in people searching for Kodi directly relates to the appearance of the coordinated attack against piracy in the form of ACE.

And this is with Kodi furiously distancing itself from pirates at the time.

Attacks don’t have to be direct. Though they absolutely can be, too.