I don't think speculation like that is helpful.
The authorities have the ability to subpoena the Google (gmail) account to find out what's really going on. Anything else risks an pile on which might have real world consequences for innocent people.
It's an additional summary 'data point' -- speculative, or otherwise. It's certainly not the only one popping up in simple search. Ignoring it isn't generally helpful either, especially if it *is* inaccurate.
If there are 'better' resources that summarize in somewhat-human-speak, and put appropriate question marks near/on possible affected packages, (e.g.) liblzma, libarchive, oss-fuzz, etc etc, please do share ...