It's possible that someone got their hands on the old hacked database from May 2015 and decided to actually attempt to get into accounts with info that they gathered from that database.
This.
A lot of the 2010-2012 accounts do seem to be compromised. In 2012 the site was changed to use a much stronger hashing method for passwords. In 2015 the site was hacked and the database (with password hashes) was leaked. It would make sense that the hashes from early accounts are easily brute-force-able.
At this point I would assume that the 2013+ accounts are unrelated though and probably hacked due to re-using passwords on other sites.
Overall, I do assume most of those old accounts are newbie accounts (most even by spambots) where the owner didn't login after 2012 (as that would update the password hash.) Basically the potential damage is very limited. He might be able to sell those accounts though. I don't think admins can do too much against it. But if there is a very clear pattern (like all accounts logins from same IP), obvious accounts could just be frozen IMO.