The idea is the same, even if the exact implementation details may be off. There are other ways of achieving the same result.
$ man passwd
The passwd command changes passwords for user accounts. A normal user may only change the password for his/her own
account, while the superuser may change the password for any account.
I doubt they have a different system for different types of passwords. They all go into the same (hopefully encrypted) database on the way to the server when changed via any DH-provided interface. From what DH has revealed, passwords are encrypted in that database, not hashed. That may have changed though; I haven’t kept up on this issue.
In the US, emails older than 180 days are not subject to the same privacy protections. They are considered database entries, just like call records and the like. See https://www.eff.org/deeplinks/2013/03/ecpa-reform-continues-move-forward-today-hearing-house-and-movement-senate. So, depending on which emails were accessed, then there may be no claim. And it doesn’t look like the emails were actually read, just the account accessed.
I really doubt any customer could claim a reasonable expectation of complete privacy given clause six of the ToS: