Using a stolen username and password from one service to attempt a login at a different one. Even though people often use the same login data on different websites, credential stuffing attacks have a low success rate. However, collections of hacked credentials can number in the millions, and given enough attempts, crooks can indeed gain access to other websites. See
username.