• Someone got in to one user database, but not all of them.
• Someone got into the complete user database, but were found out during the intrusion and cut off.
• Someone found a sharded DB dump or backup.
• Someone found/stole/virus'd a dev laptop with DB dumps.
• Someone sat on the network for a while and grabbed app server -> DB traffic.
Replace "Someone" with "russians," "brazilians," or "something behind tor" for more accurate portrayals.
• Someone got in to one user database, but not all of them.
• Someone got into the complete user database, but were found out during the intrusion and cut off.
• Someone found a sharded DB dump or backup.
• Someone found/stole/virus'd a dev laptop with DB dumps.
• Someone sat on the network for a while and grabbed app server -> DB traffic.
Replace "Someone" with "russians," "brazilians," or "something behind tor" for more accurate portrayals.