Solution: Database dumps & password re-use

Tools Used:
After a bunch of internet search queries, you may land on this reddit thread which gives a magnet link to download the LinkedIn and tumblr database breaches (along with others).

After downloading and extracting the LinkedIn/tumblr breaches from the above magnet link, we're practically done. Around 80% of the difficulty in this challenge is just finding a place to obtain the breaches.

First we search tumblr's breach for our target.

$ grep '[email protected]' Tumblr_2013_users.txt
[email protected]:381358ec15103e02ad5eb526c1d35468d5045de3
Now we find all tumblr accounts with this matching password hash.

$ grep '381358ec15103e02ad5eb526c1d35468d5045de3' Tumblr_2013_users.txt
h[redacted]@nifty.com:381358ec15103e02ad5eb526c1d35468d5045de3
g[redacted]@hotmail.com:381358ec15103e02ad5eb526c1d35468d5045de3
van_[redacted]@hotmail.com:381358ec15103e02ad5eb526c1d35468d5045de3
d[redacted]@gmail.com:381358ec15103e02ad5eb526c1d35468d5045de3
e[redacted]@gmail.com:381358ec15103e02ad5eb526c1d35468d5045de3
h[redacted]@hotmail.com:381358ec15103e02ad5eb526c1d35468d5045de3
...
We find 23 accounts with the same password. Now we're going to search the LinkedIn dump for these accounts with the same password. You can do them one by one, chain them together, whatever. You'll find that van_[redacted]@hotmail.com appears in the LinkedIn dump and will be our target that works.

Note that the LinkedIn dump is in multiple files, so we use a slightly different syntax for grep.
Also note the email doesn't actually contain the word [redacted] in it.

$ cd LinkedIn/
$ grep -r 'van_[redacted]@hotmail.com' *
1.sql.txt:INSERT INTO idemail VALUES ('69513905', 'van_[redacted]@hotmail.com');
We found van_[redacted]@hotmail.com with userid 69513905. It looks like the password is in a different file connected to the userid instead of the email, so let's search for that.

$ grep -r '69513905' *
6.txt:69513905:085eac7690dba5d266658c0a...[truncated]
There's our hash, "085eac7690dba5d266658c0a...[truncated]". There's a bunch of ways to crack the password from that hash. Usually the easiest and first thing to try is something like hashkiller.co.uk. As it turns out, hashkiller successfully cracks this hash and gives you the plaintext password, and thus the flag.