The popular cryptocurrency forum bitcointalk.org (the site is currently down) was breached by hackers yesterday. Apparently the hackers were able to gain access to the site database and obtain the complete list of ~150,000 user accounts, along with each user’s hashed password. The hackers are now offering the list up for sale to any interested buyer for 25 BTC. There is some more information in this reddit thread.
If you had an account on the bitcointalk forums, make sure that you’re not using the same login/password combination anywhere else. While the user passwords were hashed, they’ll likely be cracked at some point.
Here is a copy of the email that I (and presumably every other bitcointalk forum user) received from the bitcointalk admins earlier today:
Unfortunately, it was recently discovered that the Bitcoin Forum’s server
was compromised. It is currently believed that the attacker(s) *could* have
accessed the database, but at this time it is unknown whether they actually did
so. If they accessed the database, they would have had access to all
personal messages, emails, and password hashes. To be safe, it is
recommended that all Bitcoin Forum users consider any password used
on the Bitcoin Forum in 2013 to be insecure: if you used this
password on a different site, change it. When the Bitcoin Forum
returns, change your password.
Passwords on the Bitcoin Forum are hashed with 7500 rounds of
sha256crypt. This is very strong. It may take years for
reasonably-strong passwords to be cracked. Even so, it is best to
assume that the attacker will be able to crack your passwords.
The Bitcoin Forum will return within the next several days after a
full investigation has been conducted and we are sure that this
problem cannot recur.
Check http://www.reddit.com/r/Bitcoin/ and #bitcoin on Freenode for
more info as it develops.
We apologize for the inconvenience.