I've changed the title to reflect the size but there is no story here without the link. What would you have done? I ask not to confront but rather to learn.
I didn't feel completely comfortable posting the link but thought it was better that it's out there (and it looks like it's not even new according to comments).
There appear to be no malicous/unsafe <scripts/> at the moment. No HTML tags.
Just one email per line, and a colon (:) delimiter for the password.
The MD5 hash is:
c1d5f3998459acea8d32937a4485c0b7
Availability is spotty. The server is refusing connections, probably due to high load.
The IP address resolved to:
81.4.110.159
I don't think the direct link is out of line. Some users might need guidance on how to safely inspect the file.
In terms of HN community conventions and common behaviors, people will often submit a question like "Ask HN: Lorem Ipsum..." and then provide follow-up details in the message body, including relevant information, such as the details I've provided above.
This way, if the owner of the resource at the address starts serving up malware, users can verify the content before consuming it.
These are merely community memes though. Not any sort of auspicious, high-minded "best practices as prescribed by experts" or anything. Just some stuff a bro might do around here.
Also, WHOIS info might be useful, if safety or malware is a concern...
This doesn't preclude the domain owner having been pwnt and used as a patsy. Or even whether that person might have a valid reason for hosting the file?
I looked at the paste file. It had my gmail address (which is mostly what I use for public stuff) but the password came from only one place: travel.travelocity.com; however that user database is long gone as Travelocity is now just a brand of Expedia so that old account no longer exists. Of course I don't reuse passwords so it's not an issue. I wonder how it got there.
I'm sure it'll get added to haveibeenpwned.com fairly quickly. That said I'm trying to grab it for the same reason. If your email is in your HN profile I'll give it a check.
https://productforums.google.com/forum/#!topic/gmail/4q3AYMi... and https://facepunch.com/showthread.php?t=1423764 refer to this link.
Edit to add: https://haveibeenpwned.com/PwnedWebsites#BTSec