This is why companies have to implement 2fa on every app where possible. It helps mitigate against such attacks. There should never be static credentials which are easily “shared”. These companies like Argyle are clearly committing criminal attacks. There are also 2fa implementations with SAML that prevent such attacks. In addition you can have enterprise password management with 2fa protection like saas pass that creates an attribution trail that can identify “shared” credentials.