Thanks for chiming in with your experience. Would you attribute the doubt to a DevOps person without Security experience, or someone with ulterior motives? Has CISA determined the lost credentials to be password stuffing or endpoint compromise? Seems plausible that DOGE staff had infostealers on their endpoints and the automated validation of those credentials did not include a review of where they got them or whether it will be noticed.

The (under oath) claims of extraction of data seem strange for the reasons you mentioned but so do the threats as well as the NLRB PR rep stating that DOGE was never there, I think there's more to be discovered that could clarify what happened.