I explained how it generally works above. There are people who collect leaked/compromised data. If you have a LinkedIn account, for example, and use the same email/password combination on ebay, then your ebay account is available to anybody who has access to the LinkedIn leaked data.
You can write some code that just goes though the leaked data and tries logging into ebay accounts. Eventually you’ll hit one with sufficient feedback, especially given how many boomer ebay account holders probably use their “dog’s name + 123” as their password for everything.
This is also how Gary’s ig account was compromised
Or more famously, Trump’s Twitter account used the same password as LinkedIn (“yourefired” - no joke) and his account was briefly compromised