The breach was not caused by a centralized hack on a particular company. Instead, the data appears to be a collection of credentials harvested by infostealer malware and compiled into massive, unsecured databases.