[saurabhnanda]

Just wondering, genuinely out of curiosity - how does one get to this 5% number? If the attacker had access to the DB s/he had access to 100% user data right?

Or did the get access to a partition of the user data? How is this even possible?

Some very old backup that had only 5% of earliest users?

Some log file which had plain-text creds of approx 5% users?

Or did they discover the attack as it was happening and kicked-out the attacker in the middle of a data download (only 5% complete)?

[torvald]

Their data can be sharded whereas only a part of their databases got compromised. Or it could be a cache layer that got compromised. Or a partial user dump intended for something else that somehow ended up in the wrong hands. I guess there could be a lot of reasonable explanations.

[croh]

same feelings here. On what basis they are predicting 5% ?

[chungleong]

A differential backup file would be my guess.