MagicalTux, a few cases can already be found here:
http://forum.bitcoin.org/index.php?topic=18050.0It also has some information regarding passwords strengths and operating systems that people used etc.
Also, have you received my PM about the CSS history sniffing vulnerability?
Copy in case that disappears:
Mt. Gox Db Purportedly for Sale...
Posted to the 'Bin:
"I Got mtgox database,1 day old.Got also bitcoins7;it not as big but still lots hehe!no secure LOL.....
would send user&pass in here but,I want to sell to big buyer
Email:
auto36299386@hushmail.comMake big offer!!!
~cRazIeStinGeR~"
http://pastebin.com/xhnNdvteI call that a fake/scam attempt. If it was true, this "hacker" would first have emptied as many accounts as possible before selling it. My account remains untouched and so do accounts of most others, only a small % of the people got "exploited".
If the easiest way of "laundering" stolen money would be the exact site you compromised (Mt. Gox) I can imagine that someone does not want to go through the trouble of laundering everything, and would rather sell off the entire database in one hit and have others deal with that. Not to mention selling the database to multiple people.
Password are encrypted one way (+salt). Someone cannot be selling "user + pass" unless he has some way to revert this.
In one expression: FUD
Hashes (even salted) can be bruteforced. Especially if someone has for example already set up Bitcoin mining rigs, he would have considerable power to use on bruteforcing passwords, not to mention things like Amazon AWS (or other cloud computing services) that can be used to very quickly crack hashes.