It's possible that someone got their hands on the old hacked database from May 2015 and decided to actually attempt to get into accounts with info that they gathered from that database.

Another possibility is that some site Bitcoin related was hacked and people got their hands on their databases and are checking to see if there are reused passwords to get into bitcointalk accounts. For example, recently a database dump from 2014 of btc-e's database reached HaveIBeenPwned so it is likely that that database was floating around publicly for a bit of time beforehand and is still available. So people might be using that to match accounts on btc-e to accounts on the forum and then trying passwords to see if there is any reuse.

Unfortunately the forum can't really do much. If the admins lock accounts which have not changed their passwords and then send password reset emails to all of those accounts, a lot of people will be locked out because emails aren't validated and a lot are either invalid, or just point back to bitcointalk.