Cryptocurrency exchange Poloniex has forced a password reset for 5.5% of its customers due to a leaked list of email addresses and passwords on Twitter.
On Dec. 30, the exchange emailed its customers to inform them that a list of leaked email addresses and passwords could potentially be used to log in to Poloniex accounts. The exchange forced a password reset on any email addresses on the list that have an account with the exchange. The email reads:
“While almost all of the [leaked] email addresses listed do not belong to Poloniex accounts, we are forcing a password reset on any email addresses that do have an account with us, including yours.”
Poloniex customer thinks the exchange’s email is a scam
A Poloniex customer was convinced that the exchange’s email was a scam and took to Twitter to bring attention to the perceived hoax. This put Poloniex customer support into the awkward position of having to explain that the email was indeed real and not a scam. “This is a real email! Please reset your password for account security,” they responded.
It is unclear how the email addresses and passwords landed on Twitter in the first place, and what percentage of the leaked data actually contains current data from Poloniex customers.
Poloniex Security Architect, Niel Smithline, told Cointelegraph that he assumes 5 and a half percent of Poloniex customers information was included on the list. Smithline said:
“We received via Twitter a list of 950,000 or so email and password combinations claiming to be a leak from our database. We looked at that data and it clearly was not a leak from our database. We only knew about 5 and a half percent of the users in our database, which is a suspiciously high number. Wherever the leak came from was almost certaintly another crypto site.”
Poloniex and the largest decentralized exchange on Tron
At the end of November, Cointelegraph reported that Poloniex now controls the largest decentralized exchange on blockchain network Tron (TRX). Confirmed by Tron CEO Justin Sun, Poloniex will operate TRX Market under the new name Poloni DEX.
UPDATE: UTC 11:00pm, Friday, Jan. 3: This article has been updated to correct a factual error . A Poloniex representative has informed Cointelegraphthat a password reset was not forced upon all accounts — only 5.5 percent of the users in the database containing leaked information had to reset passwords to ensure the protection of those accounts.