There’s some phenomenal password research here from clarkson.edu that talks about common passwords found during Internet attacks.
I’ve taken those entries and put them into a single list here on Github, and I will soon be adding the abridged rockyou list (once I get their permission). Thanks to @jhaddix for pointing me toward that list.
The idea is to maintain a tight, ever-evolving password list that I can use for busting accounts, and people can fork as desired. So as new research comes out on more up-to-date passwords, I’ll update the list.
Let me know if you’re interested in participating.