We had a wave of weird spammers taking over old accounts at Ars Technica a few years back.
When we researched it, we found the exact same spam on tons of other forums at the same time. Different backends, different topics, no connection between any of them. Tech forum, knitting forum, horse forum, it didn't matter. There was no breach of our systems; it was someone else's security flaw that was the source.
When a password database leaks, there are whole systems in place to take advantage of it. They have your login names, your emails, your passwords, anything else that might have been in there. They have databases of sites to try automatically logging in with all the credentials they harvest, they have people on deck to do it by hand, there are servers where they bundle and pass these passwords around. They're running scams, pushing SEO garbage, and just doing straight-up vanilla spam.
I know it's been said several times already, but you gotta stop using the same damn password on every site you log into. Every single one should be unique. Yes, that includes those random forums you sign up for and end up using more often later.
99% of the issues come back to that. One site with poor security is breached, their passwords are hoovered up, and then it's like having unprotected sex: you're sleeping with everyone that person slept with before.
It might feel like you're suddenly seeing a wave of it, but this happens all the time.
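
From the forum operator's side, the pattern described above (automated logins with harvested credentials, ending in takeovers of old accounts) leaves a recognizable trace in login logs. The following is an added example, not part of the original comment or any site's actual code: the event tuples, IP addresses, account names, thresholds and function names are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2020, 3, 1, 4, 0)
# Constructed login events: (timestamp, source_ip, username, success)
EVENTS = (
    # One source walking a credential list: many usernames, almost all failures
    [(T0 + timedelta(seconds=i), "203.0.113.7", f"user{i}", False) for i in range(6)]
    + [(T0 + timedelta(seconds=6), "203.0.113.7", "old_knitter", True),
       # Ordinary user mistyping a password once
       (T0 + timedelta(minutes=5), "198.51.100.20", "regular", False),
       (T0 + timedelta(minutes=6), "198.51.100.20", "regular", True)]
    # Shared office NAT: many usernames, but every login succeeds
    + [(T0 + timedelta(minutes=10 + i), "192.0.2.50", f"staff{i}", True) for i in range(5)]
)
# Constructed "last seen before this log window" dates per account
LAST_ACTIVE = {"old_knitter": datetime(2016, 5, 2), "regular": datetime(2020, 2, 28)}
LAST_ACTIVE.update({f"staff{i}": datetime(2020, 2, 27) for i in range(5)})

def stuffing_sources(events, min_users=5, max_success_ratio=0.3):
    """Return IPs that tried many distinct usernames and mostly failed."""
    users, ok, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for _ts, ip, user, success in events:
        users[ip].add(user)
        total[ip] += 1
        ok[ip] += int(success)
    return {ip for ip in users
            if len(users[ip]) >= min_users and ok[ip] / total[ip] <= max_success_ratio}

def hijack_candidates(events, last_active, dormant=timedelta(days=365)):
    """Dormant accounts that a stuffing source logged into successfully."""
    bad = stuffing_sources(events)
    hits = set()
    for ts, ip, user, success in events:
        if not (success and ip in bad):
            continue
        seen = last_active.get(user)
        if seen is not None and ts - seen >= dormant:
            hits.add(user)  # candidate for forced password reset and session kill
    return sorted(hits)

if __name__ == "__main__":
    print("stuffing sources:", stuffing_sources(EVENTS))
    print("accounts to lock and reset:", hijack_candidates(EVENTS, LAST_ACTIVE))
```

The success-ratio test is what keeps a shared NAT address from being flagged; a distributed campaign that spreads attempts over many IPs needs the same counting keyed on something other than the source address.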