The Pastebin leak became the most damaging vector because it required no technical expertise to access. Anyone with a link could view thousands of usernames, emails, hashed passwords, IP addresses, and purchase histories. Contrary to some alarmist reports at the time, the Pastebin post did not contain full credit card numbers or raw, unhased passwords (at least, not in its initial widespread form). However, what it did contain was more than enough for a motivated attacker to cause havoc.
The data may have cooled down, but it will never truly disappear. The internet’s memory—especially on sites like Pastebin—is infinite. Every few months, a new generation of hackers rediscovers the Town of Salem leak, re-uploads it, and the cycle begins again. town of salem data breach pastebin
For developers: If you store user data, hashing passwords with MD5 in 2018 is negligence. Use bcrypt, Argon2, or at minimum PBKDF2. Also, never expose an admin panel to the public internet without IP whitelisting. The Pastebin leak became the most damaging vector