after hack all user names are changed to 'admin'

hey,
i am looking for advice here, so thx for helping in advance.

after hack all user (subscribers) names are changed to ‘admin’ and their passwords are all the same too. i guess the hacker used that backdoor.

after a clean up, i manually renamed all user names, but i am not sure what to do with that password now. i think it makes sense to rename those as well to close that backdoor, even if i also would just pick an equal password temporary for everyone (subscribers could just request a new password when they want to log in). what are you suggestions here?

and… is there a way to rename all wp_users passwords at the same time, or would i have to get into each entree?