A common example would be credential stuffing attacks. A tool like SentryMBA, an account checker, would use
a combo list to automatically check which accounts are valid for a site. Once these accounts have been
validated then they will be subject to a full account takeover and, inevitably, some sort of fraud.