Simply yes. I won't go deep on this but it's a common ploy to see if accounts were used to login. Or to see if folk subscribe or have accounts there.
So simply yes. It happens and so many out there probing today. And not people, bots. Bots everywhere.
I'm developing a small site with PHP and MySQL. It's still in testing and I haven't published the URL anywhere. I recently noticed that since December 26, 2017 there have been over 1,000 attempts to access the site with a URL like this: email@example.com&
The site has several alias domain names and they are also being targeted.
This is attempted dozens of times every day. The originating IP and the target email address is different every time. More than 50% of the email addresses are from yahoo.com.
I'm suspecting that someone has a bot running that is trying to use this to test stolen passwords (just a hunch).
Has anyone seen anything like this before (I've done lots of Google searches to try to find information and come up empty)? Should I be concerned? Is there anything I can do to fight back?