We tune the hash iterations to take a reasonably long amount of time on our modern hardware. That said, a dedicated and well funded attack on a single hash could certainly crack it in a relatively short period of time (which is why we protect the hashes as if they were cleartext passwords...)

I think it's far more likely they'd find a way to break the hash function and not tell anyone about it.