US-based cryptocurrency exchange Poloniex has enforced a mandatory password reset for account holders following a suspected data leak.
Earlier this week, Poloniex emailed around 1% of its customer base, informing them that they had to reset their Poloniex password, following a tweet claiming to contain a list of leaked email addresses and passwords.
Customers took to Twitter, claiming that the email itself was a phishing scam; however, Poloniex published a blog post to verify the emails.
“Our immediate priority was to ensure that our customers’ accounts were safe. As a result, we reset the passwords of potentially impacted customers, as users often reuse passwords or minor variants of the same password,” said Poloniex.
Poloniex has confirmed that the list and the information it contained did not originate from Poloniex. The company added that, following an investigation, it was discovered that approximately 90% of the passwords listed already appear on the haveibeenpwned.com website.
“If you have a Poloniex account and did not receive an email from us related to this, you can be confident that your email address was not on the list. Less than 5% of the email addresses on the posted list were associated with Poloniex accounts.”
In light of increasing phishing scams, this incident highlights the difficulty companies face in proving legitimacy when sending important warning emails.
The post #Privacy: Cryptocurrency exchange forced to reset customer passwords appeared first on PrivSec Report.