I was curious, where do the people trying to access a paysite's members area actually get their password combinations from?

The last hour or so we've been experiencing a brute force attack on one of our paysites (thankfully StrongBox has stopped them all), but I'm just wondering where they come up with the combinations they try; some of them actually look like they could be legitimate user/pass combos from other paysites.

Regards,

Lee