Wordfence Security - someone trying actual login names

I am using Wordfence on all my websites and I am used to seeing IP's getting blocked all the time. No big deal... but one of them today is trying to hack the password using actual login names that are in my system from customers who have made purchases and even one that I set up for Yoast when I had some issues. I am using HTTPS for transactions. How did they get those login names? I have never seen this before on any of my other websites. Normally they try the website name... admin.. etc. Never actual names. Thoughts?