In short, the password has been always in plain sight, printed in the book by Guardian journalist David Leigh titled "Inside Julian Assange's War on Secrecy". The Guardian claims that they were told by Assange that the password would be changed a few days after the journalist downloaded the file.
Unfortunately, the file was inadvertently picked up by Daniel Domscheit-Berg when he left the organization and took a dataset off the server containing the file with him. Once he returned that which he took to WikiLeaks, the whole content was shared online via BitTorrent by WikiLeaks supporters, who were also unaware that the file in question was there.
In the recent escalating war of words between Domscheit-Berg and Assange, the former tried to prove that Assange and WikiLeaks couldn't be trusted with sensitive data. According to Der Spiegel, people associated with OpenLeaks began hinting of the existence of the file "in the wild".
Finally, somebody pointed Der Freitag - a German weekly publication and OpenLeaks partner - in the direction of the location of the password. They didn't share the actual information with the public, but confirmed that anyone familiar with the material could find it. It took only a couple of days for that claim to be proven right, and the password was revealed.
WikiLeaks accused the Guardian and its journalist of being responsible for the leak and has spoken to the US State Department in order to commence legal action against the paper and the journalist, and to make sure that the informants mentioned in the cables were warned about the danger they might find themselves in following this mess.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.