Poloniex Crypto Exchange Acknowledges Critical Data Leak, Enforces Password Reset
Cryptocurrency exchange Poloniex has enforced a password reset for all clients as the company faced a force majeure in the form of passwords and email address leak via Twitter.
On December 30, the exchange sent an email to its clients, warning them that a list of trickled email addresses and passwords could likely to be utilized to access Poloniex accounts.
The exchange enforced a password reset on all email addresses that are registered as a member of the exchange.
The email explains the situation as follows:
“While almost all of the [leaked] email addresses listed do not belong to Poloniex accounts, we are forcing a password reset on any email addresses that do have an account with us, including yours.”
A client of Poloniex misunderstood the alert message as a scam and tweeted about it to receive the attention of other members of the exchange.
This placed Poloniex client support division in an awkward position and triggering a need to send another clarification email.
The client support department sent another email stating that the password reset advice was real and not a scam.
“This is a real email! Please reset your password for account security.”
— Charly (@charlysatoshi) December 30, 2019
There is no clarity as to how the email address and passwords reached Twitter in the first instance and what percentage of the leaked info was really related to clients of Poloniex.
Last month, there were news reports indicating that Poloniex now owns and operates the largest decentralized exchange on Tron (TRX) blockchain network.
The information was also confirmed by Justin Sun, CEO of Tron. Notably, Poloniex has decided to rechristen the TRX Market as Poloni DEX.