It looks to me like the article is talking about authentication tokens that they found in the data they took from the breach.