5,600 accounts were targeted in what the federal government describes as “credential stuffing” schemes.