Better change it as a precaution...
All the User passwords for BD
http://forums.azbilliards.com/showthread.php?t=305258
It might take time for someone to decrypt them, but it's out there forever now.
If you use a common p/w across many forums....
Agreed. That "pastebin" website is well-known to us in the information security circles, and if your "stuff" shows up there, you're in deep kimchi (security posture-wise).
To be sure, that "dump" you see on the pastebin website is NOT passwords; those are password hashes. "Hashes" are technically one-way "destructive" encryption -- meaning, they're "not supposed" to be able to be "decrypted" backwards. The way hashes are used is that your password is "destructively encrypted" into a hash, and that hash is stored in a database. Then, when you log in to that site, the password you type into the "Password:" field is destructively encrypted (hashed) once again, and that hash is compared to the hash stored in the database. If the hashes match, you typed the correct/same password as that which created the original hash, and you're authenticated.
The problem with "one-way, destructive encryption" is that the hash is ALWAYS of a finite, fixed length. Meaning, if your password is longer than the hash itself, information is "lost" (truncated) and your hash has the possibility of matching another completely different password.
Another problem with hashes is the algorithm used to create them. The two most common, MD5 and SHA-1, are increasingly getting nibbled away at by ever more powerful computers. MD5 is just about there -- fully cracked. SHA-1 is a little more secure, but it's getting nibbled away at, too.
So a farm of commodity PCs (e.g. running Linux in a parallel computing environment) can take that list of MD5 hashes from the Billiards Digest site, and begin what's called a "brute force" attack on that list of hashes -- MD5'ing basically every word in the dictionary, with digits, upper and lowercasing every letter, substituting numbers for vowels, mixing punctuation in amongst the letters, etc. -- and comparing the resulting hash with each hash in the Billiards Digest list. Got a match? Record the "password" used to generate that matching hash along with the username.
And they *WILL* crack most of them. It's just a matter of time.
I scanned briefly through that list, and there are a bunch of AZB'er screennames in that list I recognize.
So if you have a Billiards Digest account that uses the same screenname, it behooves you to not only change your Billiards Digest password, but also your AZB password if it's the same.
Do it now, while you're reading this!
Signed, your friendly neighborhood information security professional,
-Sean
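Added example (not part of the posts above, and not any site's real code): the store-and-compare login flow described in the reply, first with unsalted MD5 and then with a salted, iterated hash, plus a small audit showing that unsalted storage gives identical rows to accounts that share a password. The function names, the constructed sample accounts and the choice of PBKDF2-HMAC-SHA256 as the replacement are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

def md5_store(password):
    # Unsalted MD5: the storage scheme the post describes (kept for contrast).
    return hashlib.md5(password.encode()).hexdigest()

def md5_login(password, stored):
    # Login re-hashes the typed password and compares it to the stored hash.
    return hmac.compare_digest(md5_store(password), stored)

def kdf_store(password, iterations=600_000):
    # Assumed replacement: PBKDF2-HMAC-SHA256 with a random per-user salt.
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"

def kdf_login(password, stored):
    # Re-derive with the salt and iteration count stored beside the hash.
    iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)

def shared_hash_groups(table):
    # Audit: which accounts have byte-identical stored values?
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

# Constructed sample accounts (not taken from the leaked list).
SAMPLE = {"alice": "RackEm!9ball", "bob": "RackEm!9ball", "carol": "str8pool-1947"}

def build(store, **kw):
    # Build a username -> stored-value table with the given storage function.
    return {user: store(pw, **kw) for user, pw in SAMPLE.items()}

if __name__ == "__main__":
    md5_table = build(md5_store)
    kdf_table = build(kdf_store)
    print("MD5 rows sharing a hash:   ", shared_hash_groups(md5_table))
    print("PBKDF2 rows sharing a hash:", shared_hash_groups(kdf_table))
    print("PBKDF2 login still works:  ", kdf_login("RackEm!9ball", kdf_table["bob"]))
```

With unsalted MD5, one successful guess covers every account that shares the password; with a per-user salt and a slow derivation, each row has to be worked on separately.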