Re: Very disappointing
So essentially what you're saying is that none of your services or client data are on 000webhost but when your client's email addresses turned up in a list of those affected by a hack of their services you took the initiative and reset their passwords/deleted payment details in case they'd recycled passwords?
If that's the case, I think perhaps an email to the potentially compromised accounts would have been a better response,
As it stands, you're also guilty of sensationalism because you should have no way of knowing if those clients had recycled passwords.
Unless you're telling us you store passwords in plaintext?