The topic is more nuanced, all the logs indicate email/password combos that were compromised.

While it is possible this is due to a malware infection, it could be something as simple as a phishing website. In this case, credentials are entered but no “malware” was installed.

The point being it doesn’t look great that someone has ANY compromises… But again, anyone who’s used the Internet a bit has some compromised. For example, in a password manager (especially the one on iPhone), you’ll often be notified of all your potentially compromised accounts.

This is a bit sensationalist, anyone who’s been online a lot will have a lot of results in haveibeenpwnd… It doesn’t automatically mean this guy was severely compromised.

Important to remember misinfo comes from both sides of the aisle.