For starters, Motherboard received a statement from Russian email provider Mail.ru, which accounted for 57 million accounts in the data release. The provider claims that after doing a sample check of the data, none of the email and password combinations work. This casts plenty of doubt on the legitimacy of the entire data set.
Furthermore, Alex Holden (CEO and founder of Hold Security) admitted that the data appeared to come from "a collection of different breaches." Between this and the doubt that Mail.ru has cast on the legitimacy of the data, it's entirely possible that the data in this "hack" is either quite old or didn't come from the email providers directly -- or both. Troy Hunt of "Have I Been Pwned" (a site that maintains a repository of data breeches) said to Motherboard: "You know how much effort we go to in trying to figure out if breaches are legit or not, it feels like that hasn't happened here."