Recently got email from "no-reply@emps-world.net" (not sure if that legit email or not) but its saying that "there has been a potential security breach for a small amount of accounts on our side." I thought that passwords are hashed and can't really get cracked but idk.

Passwords are safely encrypted with bcrypt (https://en.wikipedia.org/wiki/Bcrypt). The reason why 'only' some accounts were hacked, is because of perfect security in our database. The attackers were only able to steal some passwords by injecting malicious software at the code where you login. This part of the code still contains your password (that is safely sent and encrypted over HTTPS). Protecting yourself from attacks where the attacker has access to the actual code is actually pretty much impossible. The security breaches have been fixed though.