This research by Okta highlights the issue of users recycling passwords:
Okta: Credential stuffing accounts for 34% of all login attempts (bleepingcomputer.com)
There were more login attempts by threat actors than legitimate ones! They were just trying out passwords to see if someone was stupid, (sorry if you do not like that word but it was the best, I could think of to make my point), enough to reuse one.
Credential stuffing – Wikipedia
Do your team know about the security risk of recycling passwords?
Clive Catton MSc (Cyber Security) – by-line and other articles