A password leak is one of several ways in which a user database can be considered compromised. Beside the fact that every leaked user had access to every other leaked user's database record, which is a huge breach in itself, how do you know that no administrative credentials were leaked?

The user database was compromised in a major way, even if nobody got root.