Music service Last.fm was hacked on March 22nd, 2012 for a total of 43,570,999 users. This data set was provided to us by daykalif@xmpp.jp and Last.fm already knows about the breach but the data is just becoming public now like all the others. Each record contains a username, email address, password, join date, and some other internal data. We verified the legitimacy of this data set with Softpedia reporter Catalin C who was in the breach himself along with his colleagues.
[…]
Passwords were stored using unsalted MD5 hashing. This algorithm is so insecure it took us two hours to crack and convert over 96% of them to visible passwords, a sizeable increase from prior mega breaches made possible because we have significantly invested in our password cracking capabilities for the benefit of our users. Here are the top 50:

Rank Password Frequency
1 123456 255,319
2 password 92,652
3 lastfm 66,857
4 123456789 63,984
5 qwerty 46,201
6 abc123 36,367
7 abcdefg 34,050
8 12345 33,785
9 1234 30,938
10 music 27,975
11 12345678 25,876
12 111111 25,313
13 abcdefg123 21,555
14 aaaaaa 19,098
15 123123 18,147
16 123 17,225
17 liverpool 17,191
18 1234567 17,168
19 000000 16,941
20 monkey 16,787

Source: LeakedSource Analysis of Last.fm Hack

(ok, top 20 here, go to leakedsource for the rest)