What if a majority of online services agreed to all create a lot of fake user profiles in their databases that have random string passwords? Then, when a service gets compromised and passwords are leaked, there are a bunch of useless passwords in the published leak mixed in with the real passwords that might be re-used on other sites.

Is there a ratio of fake passwords to real ones that would result in a brute force attack using such a poisoned list being too expensive? Would that ratio result in performance overhead when real users login?