Some older, inactive Mastodon accounts are being turned into spam accounts.
Every account I've checked has been in the haveibeenpwned.com database, i.e. the spammers are using breaches from other websites and randomly trying e-mail/password combinations to get access to those accounts, insert spam links in the bio and start following people.
An exceptionally simple defence against this happening to you is using two-factor authentication. Check your account settings to see how to enable it.
@Gargron - well there not only weak user passwords out there, but very old and apparently unmaintained and insecure instances. According to my federations statistics like 25% are running a Mastodon version <=2.8.0
All friendly creatures are welcome. Be excellent to each other, live humanism, no nazis, no hate speech. Not only for nerds, but the domain is somewhat cool. ;)
No bots in general! (only with prior permission)