[cxseven]

Just possible. Similarly, the recent FB hack didn't actually penetrate 50 million accounts -- that was just an upper bound estimate based how many accounts were "exposed to the risk" of being compromised, probably because they were noted as being touched by the buggy "view as" function.

[cxseven]

Update: It looks like on October 2nd, Facebook clarified that 50 million users actually had their login credentials stolen, and an additional 40 million were unconfirmed but known to have been touched by the buggy "view as" feature:

https://newsroom.fb.com/news/2018/10/facebook-login-update/