- Poloniex denies that there were data leaks after it asked its few users to reset their passwords.
- Poloniex is the US-based digital asset exchange that provides advanced trading options contacted a list of leaked email addresses to reset their passwords.
Poloniex informed on Thursday that the exchange did not provide the information of the data leak. Poloniex is the US-based cryptocurrency exchange for trading digital currencies and other advanced trading features that was founded in the year 2014.
The news has come after the Poloniex had contacted some of its users from a list of leaked email addresses and forced them to reset their credentials to avoid any misuse with login credentials. The exchange said, “Earlier this week, we emailed a small group of our customers (about 1% of our total base), requiring them to reset their Poloniex password in response to a tweet claiming to contain a list of leaked email addresses and passwords,” in its statement. And has confirmed that, “To confirm, there was no information or data leak originating from Poloniex, and our actions represented a swift response to an external threat.”
In another statement, Poloniex has given the details of their investigation, explaining, “Our investigation has concluded that approximately 90% of the passwords listed already appear in the haveibeenpwned.com list of exploited passwords. Additionally, our security team is in touch with haveibeenpwned.com and has requested that they update their database to include additional missing information we have identified.” And Poloniex further added, “passwords in plain text or any recoverable form. Rather, it stores them as salted bcrypt hashed” and went also explaining “[l]ess than 5% of the email addresses on the posted list were associated with Poloniex accounts.”