Exposed credentials means that somebody got sloppy the password. So yeah, “stolen creds”. Give the fact that a) NYT seems knows which credentials were exposed, and b) We haven’t seen hundreds of other high(er) profile companies have their private repos breached, it is far more likely that NYT fucked up, and not Microsoft (which is what you implied, with nothing to back it up - other than a very narrow-minded definition of the word hack).
Quite the contrary, actually. Thanks to this law you won’t have to watermark something you own, in order to prevent companies to use it for profit.
Unless of course you have the misconception that downloading something that someone else made is the same as owning it. In which case, I understand this might be difficult for you to grasp.