There's been stories for a while of massive malware infections sniffing usernames and passwords of infected users. Simply because there's little to give away that such an activity is going on (ie, if you were spamming or mining bitcoin there would be a real-world impact shown immediately) it's extremely hard to confirm or deny if this is happening and at what scale. In my mind it doesn't seem unlikely that would be happening though. Combined with large websites like LinkedIn being compromised, you're looking at a very, very big problem.
