Probably credential stuffing attacks where they use stolen login credentials from other websites.

That’s why they say “don’t reuse a password and use a password manager”.

Be sure to check haveibeenpwned.com to see if your data is in a public data leak.