The ‘stolen’ data includes owner IDs as well as users’ first and last names, phone numbers, email addresses, and passwords.