A Massive Resource for Cybercriminals Makes it Easy to Access Billions of Credentials.

TL;DR:
HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required).
Get the list of affected hardware and patch here: https://support.hp.com/us-en/document/c05827409

How Maria Ressa became the target.