Looks like they exported FDF tmp files (PDF derivative) that had the session values from saved user name and passwords.

Is there any chance that the exporting files from this extension could be exploited by Black Hats? We do have the extension used to export reports and just can't see how they got in...

Hello Steve,
There is no way the export function to be exploited in order to "hack" your site. All of the export processes are done server-side using php code so it is impossible to access them.