By publicly releasing copious numbers of unprotected authentication credentials, we are able to assess the frequency with which users select poor or easily guessed passwords.
The latest list derived from such sources by security software company Splashdata paints a very similar picture to any number of previous studies of exposed passwords; that for online sites that demand a password, users choose very simple ones.
Now, it's clear that too many sites demand users create an access account for totally pointless reasons, and this author is just as guilty as many others for using 'password' or something similar as a password for the site that INSISTS I create an account just to post a message on their forum. Sites that I will probably never return to and who also have a bogus email address for me (I prefer to give them email@example.com should they insist).
And that is the reason why it is unreasonable to draw too much out of this study. If everyone were using such passwords on more personally-important sites (such as email, banking etc) we would be seeing a much higher level of identity theft than we are. I'm not saying that users should weaken their password practices; far from it, but I would caution people from reading too much into studies such as these.
A glance at the top 25 reveals few surprises with popular entertainment, sports and personal highlights figuring prominently amongst the numeric and keyboard-pattern samples.
The full list from Spashdata is as follows: