If you are hiding your head in the ground hoping that the problem will go away by itself, it definitely won't. At least you can contain the damage by acting with due diligence - if it concerns you. Even though you cannot absolutely quarantine the leaked information from private hands - you can at least endeavor to make it difficult to access, and even illegal to access, by prohibiting its availability on publicly accessible sites, and stake your claim on the information by notifying relevant sites of the infringement - making it illegal for the relevant site to host it. If you do nothing - you might be considered negligent - if not grossly negligent - for not limiting damages as far as possible.
My initial reaction as a techie:
"LOL. You're so funny! The genie cannot be put back into its bottle. Anyone who wants that information will be able to find it. Already the database is sitting on a thousand hard drives and available to download from just as many torrents. If the Internet is a pristine white shag carpet, that database is a bucket of blood. It ain't coming out."
My more well-considered reaction:
"Okay, you have a political point at least. The task may be Sisyphean, but it'd be bad PR to look like you're just sitting on your hands."
My final reaction:
"This information will always be available to whoever wants to look, as far as we know, but that's a theoretical weakness. There are theoretical weaknesses everywhere. Any hash, given enough time, may be broken. But the trick of cryptography has never been making it impossible to get encrypted data; the trick has been making it impractically hard. 'Slow the attacker down until we're in no danger of being caught.' If Mt. Gox can limit the database's availability to the point where it takes an interested party days to find it instead of minutes, they sharply limit the number of people who might be able to use that information for a later attack."
That all being said: yeah, that data is likely all obsolete at this point. Either their accounts have all been compromised or they've changed their passwords like a good netizen.
Edit: On the other hand, if an interested party does find it, and if they're the helpful sort, all that hard work will have been for nothing. Much like the Black Plague, it'll spring forth from its dormancy and spread once more. If the data is at all interesting at that point, that is.