These compromised credentials hold significant value for cybercriminals and can be used for botnet spam lists, extortion attempts, spear-phishing, and account takeovers.
They create sophisticated spear-phishing campaigns by gathering information from their target's social platforms and web usage patterns to appear more convincing.