I am glad they were hashed, but that's a misleading statement. The point of hashing is to slow an attacker down, even with full best security practices (e.g. salt + pepper + argon2 w/high factors) they can still be reverse engineered. It is a matter of when, not if.
I'll pay you $10k if you can crack this sha512 hash.
I'd offer a million, but I don't have that kind of money.
5a55b7b0e1f9452f925b1aa43cf148081da58c66c735961d9a7cb699b2fd5b08bee6b24ec47fce0b93ba49df83641a30c7843dece49e0a0db5a7c50901492fdd
It's technically true that all cryptography is just slowing things down, but we are talking about heat death of the universe lengths of time for most crypto algorithms.
*assuming quantum computing doesn't take off or a fundamental flaw isn't found in the crypto.
You should be using the solutions readily available instead of trying to reinventing the wheel, or avoid this subject altogether if you can't be bothered to educate yourself as to why.
This has been a decades-long issue, and it blows my mind how people in IT still didn't get the memo.
Use argon2, scrypt or even bcrypt who all are designed for keeping passwords secure with regards to brute force cracking.