> The affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords.

If they're using bcrypt, then they're using salts since salts are built in to bcrypt.