Too early to tell for sure, but it looks like the current theory is that it’s some combination of aggregating existing breach data and information gleaned from credential stuffing attacks.
It’s more plausible than some absurd number of websites all had the same 0-day leading to 26,000,000,000 accounts leaked. The people selling these aren’t exactly trustworthy and are just as likely to repackage old leaks to rip each other off with.
Too early to tell for sure, but it looks like the current theory is that it’s some combination of aggregating existing breach data and information gleaned from credential stuffing attacks.
It’s more plausible than some absurd number of websites all had the same 0-day leading to 26,000,000,000 accounts leaked. The people selling these aren’t exactly trustworthy and are just as likely to repackage old leaks to rip each other off with.