Cybercriminals are now using a combolists-as-a-service model to sell credential collections to other crooks, which will later use them as part of large scale malicious account takeover attacks. Account takeovers are the result of successful credential stuffing attacks which allow attackers to use credentials obtained from security breaches or from other cybercriminals to try and gain access to accounts registered on other sites. The Photon Research Team recommends the following mitigation measures to decrease the risk of account hijacking attacks.
Source: https://www.bleepingcomputer.com/news/security/crooks-sell-credentials-using-combolists-as-a-service-model/