If you are interested in the of how these lists are handled by security professionals, here is how they are typically used for legitimate defense:
: Use Two-Factor Authentication (2FA) on all platforms; even if your password is in a "base," they cannot log in without the second code.
: Analysts study these lists to identify common password patterns (e.g., "Gaming123") and help developers enforce better password policies.
: Services like Have I Been Pwned ingest these "bases" so users can check if their own email has been leaked in a specific dump.