There has been three instances that I know of where a significant number of hacked account passwords have been publicly released. I have obtained the lists and made a thorough analysis of each of them, including the most common passwords and character frequencies. In total, there were 116782 passwords.

Myspace Phising: 47380 Account Passwords

In 2006 there was a large scale phishing attack on myspace accounts. Someone found the file on the server where the compromised accounts were being saved to. 47380 emails / passwords were found. A password analysis was done here and here.

phpBB: 28644 Account Passwords

In someone noticed an exploit listed on milw0rm for PHPlist, a newletter manager. They found it was running phpBB’s server and used the exploit to steal passwords of users that logged in over the coming weeks. The hacker wasn’t caught but rather made a blogspot account and bragged about it uploading the entire user database (passwords encrypted) and the usernames and passwords of those who logged in while he or she was in control. 28644 username and passwords were uploaded to file sharing sites. A password analysis was done here.

: 40758 Account Passwords

On it was discovered that , a christian dating network, did not have any security at all. Logging in and going to ‘edit profile’, you can see your email, password and other information.