A hacker has contacted me claiming that he’s selling 150,000 emails and hashed passwords stolen from Bitcointalk.org, the Bitcoin discussion forum that was recently hacked and defaced. He's asking BTC 25 for a copy of the data.
He has refused to provide any details, but he has sent me a file containing 5,000 email addresses and passwords.
The data appears to be legitimate. The passwords are hashed with sha256crypt, just as Bitcointalk representatives stated after the site was hacked.
I’m trying to get in touch with Theymos, the Bitcointalk administrator who seems to be handling this whole situation, to see if he can confirm the legitimacy of the data.
As he mentioned, although it’s unlikely that anyone can crack the passwords, it’s best to assume the worst, which is why users are advised to change their passwords if they use the same one for other online accounts.
Also, the large number of email addresses is ideal for a targeted phishing attack, so Bitcointalk users should keep an eye out for any suspicious emails.
Update: Theymos has checked the data, and it appears to be fake. None of the leaked email addresses exist in the database.