CryptoCurrency exchange service Poloniex is resetting their users passwords. This follows a data leak that affects a portion of their users.
If you use of the Poloniex CryptoCurrency exchange service, these last few days may not have been the most pleasant. This is because the exchange suffered from a data leak. In response to the leak, Poloniex opted to reset the passwords of their users. Some users wondered if the message was legitimate. The service confirmed that the message is, in fact, real. From ZDnet:
In light of this trend, cryptocurrency holders need to verify password reset emails as legitimate before proceeding — and an email blasted to Poloniex users last week was recently confirmed as authentic over Twitter.
A Twitter user under the handle @charlysatoshi posted a screenshot of an email they received, purporting to be from Poloniex, warning of the “scam” message.
The email said that a list of leaked email addresses and passwords had been discovered on the microblogging platform, spreading with the claim that the credentials could be used to access Poloniex accounts.
“While almost all of the email addresses listed do not belong to Poloniex accounts, we are forcing a password reset on any email addresses that do have an account with us, including yours,” the email reads.
What is interesting here is that it looks unlikely that the leak originated from Poloniex, but rather, from another source. Different services have been known to react differently to such incidences. Take, for instance, how Ring reacted when people suspected that their information was leaked by their services. They simply blamed credential stuffing and dusted their hands of it. Of course, this drew harsh criticism from the Electronic Frontier Foundation after they accused the company of throwing customers under the bus.
Poloniex is definitely reacting to this in the opposite way here. They matched any e-mail addresses of known customers and reset their passwords seemingly out of an abundance of caution. The service says that the issue affects about 1% of their customers, so most users will likely not even see any of this on their end.
While ZDNet refers to other security incidences in the past with cryptocurrency services, the reaction of the service is actually quite reasonable. This is especially so considering some of the ways other companies reacted to a data leak or breach. Who could forget the reasons an Equifax executive was jailed following their own security meltdown in 2017?
Unless more details emerge that changes the story, this is actually a pretty positive one given the circumstances.