And if you read the story, it's because he ignored the fact that the password manager didn't prompt auto-fill.
"I went to the link which is on mailchimp-sso.com and entered my credentials which - crucially - did not auto-complete from 1Password. I then entered the OTP and the page hung. Moments later, the penny dropped, and I logged onto the official website, which Mailchimp confirmed via a notification email which showed my London IP address:"
Malicious traffic is not limited to ssh and comes from the same usual suspects. Automated attacks against web applications is constant. I wouldn't say it's indiscriminate, it's practical.
5c to read an article? Sure. $20/month subscription? No way.