Background for international readers:
November 5th a list of 16.000 names, street addresses, email addresses and id numbers was leaked and finnish yellow press was spreading panic. Later some organizations admitted that their systems were cracked.
November 12th a new list of half a million email addresses belonging to finnish users was leaked. Yellow press making big headers.
November 13th a partial list of passwords was leaked, list was claimed to belong to the leaked email addresses. CERT-FI confirmed that passwords are real and finnish news services are now full of discussions about the situation.
Any ideas where some of the email addresses and potentially also passwords are coming from? Yes.
List has 52535 addresses from gmail.com domain and 86 of the users use the same trick that I do: append some additional text to the email address using address alias. I've done that myself to track how my email address potentially spreads, but this time we can read hints about the cracked sites cleanly from the address list. There are not many sites that can be discovered this way, but certainly something related to ice hockey, cars, calorie counting and personal finance management.