Early in 2019, I wrote about a massive data breach called Collection 1 and why it meant you needed to change your password, again. That breach included over 2.6 billion usernames and passwords according to Troy Hunt. Basically, anyone with access to the collection could use it for credential stuffing attacks where they use combinations of the usernames and passwords to try and force their way into various accounts. If your username or password was anywhere in that collection, it was safe to assume you could be compromised and needed to update your passwords.
Yesterday, as reported by ZDNet, it was announced that Europol arrested 5 hackers from the Infinity Black group behind Collection 1 and other collections of hacked data. While there is not a great deal of information about everything they did yet, it appears they would use credentials to gain access to loyalty accounts and sell those to other criminal gangs.
While this news does not undo the damage they caused, it is nice to see law enforcement at work trying to protect you on the web. You can help them out by making sure you are smart about how you use and store your online credentials.