@3e3ce96c 
Wait wait wait and WHAT!

7 million customer datasets breached by credential stuffing 30 million users?
This sounds off to me (actually rather like bullshit). I agree that too many people reuse passwords, but I doubt that ~25% of the users reuse passwords and their passwords are known from other breaches.

This rather sounds like credential stuffing of a privileged account. This would also explain how it was possible to target specific ethnic groups