The company said about 1,000 users' accounts were breached using duplicate passwords harvested elsewhere on the web