Some older, inactive Mastodon accounts are being turned into spam accounts.
Every account I've checked has been in the haveibeenpwned.com database, i.e. the spammers are using breaches from other websites and randomly trying e-mail/password combinations to get access to those accounts, insert spam links in the bio and start following people.
An exceptionally simple defence against this happening to you is using two-factor authentication. Check your account settings to see how to enable it.