Probably a vast majority of those certificates are used on other servers
I figure the reason why many sites haven't revoked the old certificates is that they aren't done replacing the old ones, like they may be used in DR sites or cloud services and they are waiting until those have been replaced before revoking the old certs. A lot of companies I've worked with wait until primary production has been proven to work for some time before the change can be made in DR.
After all, it would be pretty stupid to revoke *then* issue new certificates since that would leave a time period in which no encryption is possible.