Not necessarily. You can collect information such as username, passwords, phone numbers from leaked databases and then attempt to login via Coinbase. Some might have 2FA, so they might even go as far as to sim swap them given that they know their phone number.

So it doesn’t necessarily mean they got it from Coinbase.