Searching for "large-scale credential leak analysis" on Google Scholar will yield papers discussing the lifecycle of leaked credentials from the dark web to public repositories.
These lists usually include email addresses from various providers (e.g., Gmail, Outlook, Yahoo) and the corresponding plaintext or hashed passwords. 29K FULL MAIL ACCESS.txt
The Have I Been Pwned project, created by Troy Hunt , provides extensive documentation on how these "collections" are aggregated and the impact they have on global security. created by Troy Hunt
Research by organizations like Akamai or Cloudflare often explores how lists like these are utilized in automated attacks. 29K FULL MAIL ACCESS.txt