Google issued an explanatory series of posts on X outlining that there were no new passwords stolen, and that any legitimate credentials came from an assortment of prior data breaches stretching back years that have been circulating on underground forums. Much of the collection was built via infostealer malware.
