I've been running over the supposed SR2 leak, comparing what the leaker gave us against other well-known leaks.
The leaker said that SR2 used the following hash method: sha1( salt, password). Without the salt, we won't be able to verify our accounts. But we can look for patterns in the hashes. What I found is that there are no duplicated passwords in the 10% released leak. This doesn't necessarily mean that the leak is fake, but it is suspicious.
This is not meant to be conclusive as to whether or not the leak is fake, just a point to consider before participating in this auction.
476,122 users in total, 47,532 released, not a single dupe. I'm getting stats about other leaks