I estimate around 30%, or 30,000 early accounts, under u=100,000, are hacked.
You know the forum was hacked in 2015, yet assume 2013+ accounts are not related? I don't understand this.
By stealing the DB, you cannot actually get the passwords, just the password hashes. In 2012 the method of password hashing was changed. So anyone who logged in after that (or registered after that), would have their password hashed in a very secure way. I am too lazy to do the math, but basically the password hashes before that are very easy to crack and after that would take an insane amount of computer calculation.
Most accounts on the forum are newbie. Most accounts have never been used.
My point is that the real accounts who were active, still logged in after 2012 automatically causing the password hash to be changed to the much more secure method. That is why I believe most hacked accounts will be accounts with 0-low posts (former spam bots and other newbies), that never logged in after 2010 - (begin)2012 again. Therefore the damage is relatively limited, but could be used for selling / signature campaigns / maybe somewhat fake reputation / etc, so I do agree it is worth investigating for theymos. Note that the forum already keeps logs and theymos added extra logging methods too, like when the user changes a password: https://bitcointalk.org/seclog.php so IMO he can still do plenty of analyzing.
Many accounts after 2012 are also hacked. Lauda's list below are 2013 and 2014 accounts. Lauda's previous list was longer and more diverse.
Hacked accounts have always been happening here for many years. Mostly because people re-use passwords on all sites. This means that if a hacker hacks any bitcoin sites (even faucet sites with a ton of users), he could use those passwords on this forum. Bitcointalk has also always been the target of phishing attacks, so that is another way to get hacked.
As of now, I don't have very clear proof that 1) hacked newbie accounts from 2010-2012 and 2) hacked accounts after that - are related.