I haven’t reread the articles, but as I recall, a significant percentage of the users were just curiosity seekers: people who just registered with fake info to look around and see what was up, but never paid or actually contacted anybody. I wouldn’t be surprised that these kinds of users just used 123456. I’ve used 123456 on plenty of web sites that wouldn’t let me browse until I “registered.”
I would be more interested in what percentage of the paid users used weak passwords.