Either is entirely possible. The passwords is quite weak, at only eight lowercase letters that also happen to spell a very common dictionary word, so it could have been brute-forced by a single individual with less than a thousand dollars’ worth of computer hardware and a one-line Perl scr...
The compromised data included usernames, passwords, and email addresses. Notably, the passwords were stored using a weak hashing algorithm (SHA-1), which made them relatively easy for hackers to decrypt. The breach was discovered whenthe data was put up for sale on the dark webby the hacker ...