I think you mean authentication. But realistically, you're making the same mistake. And making a stupid assumption.
It was a typo and I've made no assumptions, just allowed for the possibility that due to this security breach a user account could be compromised. That could be due to social engineering using information gained, phishing campaigns with the emails harvested or yes even something involving accounts directly, however unlikely.