> Isn't the motive to get the user's contact lists?

Probably, yeah.

> If there's an error isn't there a chance that the password leaks out into an error log somewhere?

Sure; there are ways of avoiding that, but who knows what they did.