It’s called Cracking, those people get the username and password either from some forum that shared it or they perform an SQL Injection attack on vulnerable sites using some tools to get the username and password combos. Then they try those on popular sites via some tools which let you load those combos and load proxies so you don’t get banned for using one ip again and again.
This process takes a good amount of time, maybe 1-2 days if you have a good amount of email:pass combos, eventually some combos will work on some popular sites, which you can then sell at cheaper rates.
If you want to learn it, you can search for Cracking courses, you will get some good courses here itself.
And yes it’s not ethical, but people still make money from it anyway.
Note : You will be needing a Window RDP for this as it takes 1-2 days to try combos and it consumes a good amount of bandwidth too.