Troy Hunt, the guy that runs the extremely useful haveibeenpwned.com, has released his working password database in the form of SHA-1 hashes.
What this is: an extremely useful tool for people working in security as they can hash passwords in use and see if it’s in this existing list, and thus, probably in a dictionary file somewhere and vulnerable to a dictionary attack.
What this is not: a usable password list useful for crackers, because everything is in SHA-1 hash form.
Troy deserves all the credit in the world for doing a public service for free, and props to Cloudflare for offering to host a 6GB file (also for free).