Collection of nearly 9 million credentials used for some brute-force attacks in 2013
Study: Cisco 2014 Annual Security Report
Date: January 2014
"In the course of investigation, researchers with Cisco TRAC/SIO discovered a hub of data used to feed [brute-force login attempts]. It included 8.9 million possible username and password combinations, including strong passwords -- not just the easy-to-crack "password123" variety. Stolen user credentials help to keep this list, and others like it, well stocked."
"Key targets for recent brute-force login attempts are widely used content-management system (CMS) platforms such as WordPress and Joomla. Successful attempts to gain unauthorized access through a CMS give attackers the ability to upload PHP (hypertext preprocessor) backdoors and other malicious scripts to compromised websites."