What happens with such data is the pastes get distributed eventually (used to happen on a forum like Hackforums or Chan, moved more towards Tor I can imagine). Then it recently got in the hands of an attacker who tried to exfiltrate the data.
We don't know if the attacker tried the same password on a different service, such as Gmail for example. It does not make sense to not try this, given the geoblock.
I remember seeing on a hacker conference in 2019 a demo by some Italians (in my mind I think about Evilsocket) of a phishing attempt where they automated the process of getting the 2FA from e-mail. Geoblock or IP whitelisting is essentially a form of 2FA.
We don't know if the attacker tried the same password on a different service, such as Gmail for example. It does not make sense to not try this, given the geoblock.
I remember seeing on a hacker conference in 2019 a demo by some Italians (in my mind I think about Evilsocket) of a phishing attempt where they automated the process of getting the 2FA from e-mail. Geoblock or IP whitelisting is essentially a form of 2FA.