Back in June 2009, I blogged on an authenticated user attack on a client's server.
As part of that blog post, I included the list of names that were attempted.
The same server was attacked again in the last few days, and the list of usernames attempted changed very slightly. I have included the list below.
So quaint that they were tried in alphabetical order as well.
This list, along with the list from the original attack should be a list of usernames and passwords that you should avoid using, simply to ensure that you don't expose more than is necessary to this kind of attack.