Poloniex Crypto Exchange Confirms External Data Leak After Awkward Email

Cryptocurrency exchange Poloniex has forced a password reset s due to a leaked list of email addresses and passwords on Twitter. According to Poloniex Security Architect Neil Smithline 5.5% of the posted Twitter list contained email addresses associated with a Poloniex account. 

On Dec. 30, the exchange emailed its customers as a security precaution to inform them that a list of leaked email addresses and passwords that appeared on another website could potentially be used to log in to Poloniex accounts. The exchange forced a password reset on any email addresses on the list that have an account with the exchange. The email reads:

“While almost all of the [leaked] email addresses listed do not belong to Poloniex accounts, we are forcing a password reset on any email addresses that do have an account with us, including yours.”

Poloniex customer thinks the exchange’s email is a scam

A Poloniex customer was convinced that the exchange’s email was a scam and took to Twitter to bring attention to the perceived hoax. This put Poloniex customer support into the awkward position of having to explain that the email was indeed real and not a scam. “This is a real email! Please reset your password for account security,” they responded.

It is unclear how the email addresses and passwords landed on Twitter in the first place.

Smithline, told Cointelegraph that only 5.5% of information that appeared on the list is associated with Poloniex accounts was included on the list. Smithline said:

“We received via Twitter a list of 950,000 or so email and password combinations claiming to be a leak from our database. We looked at that data and it clearly was not a leak from our database. We only knew about 5 and a half percent of the users in our database, which is a suspiciously high number. Wherever the leak came from was almost certainly another crypto site.”

Poloniex and the largest decentralized exchange on Tron

At the end of November, Cointelegraph reported that Poloniex now controls the largest decentralized exchange on blockchain network Tron (TRX). Confirmed by Tron CEO Justin Sun, Poloniex will operate TRX Market under the new name Poloni DEX.

UPDATE: UTC 7:00pm, Wednesday, Jan. 8: This article has been updated to correct a factual error . A Poloniex representative has informed Cointelegraphthat a password reset was not forced upon all accounts — only 5.5 percent of the posted Twitter list contained email addresses associated with a Poloniex account. These users had to reset passwords to ensure the protection of those accounts.