Malicious actors are using the massive supply of previously stolen login credentials to help brute force their way into high-profile cloud-based business systems that cannot easily use two-factor authentication for security. Proofpoint researchers found the availability of these tools has powered a massive increase in the number of cloud attacks taking place which in turn enable the attackers to possibly gain access to the people inside an organization who can be conned out of money. [1]
[1] Doug Olenick on SC Magazine