Pierluigi Paganini
January 02, 2020
Another bad news for the community of the virtual currencies communities, the Poloniex
The measure was necessary to prevent spear-phishing attacks against the users aimed at stealing credentials or at delivering malware designed to steal their funds.
On December 30th, 2019, users began receiving a message from the Poloniex exchange notifying them of the data leak. According to the company user name and password for the platform may have been included in a data leak disclosed on Twitter by a user that goes online with the handle @charlysatoshi.
@Poloniex be careful with this Scam email we are getting in our emails #BTC #LTC #ETH #DASH #Crypto #Poloniex pic.twitter.com/untSVGfwAM
— Charly (@charlysicardo) December 30, 2019
shared a screenshot of the data breach notification email sent by the trading platform to its users, the message said that almost all of the leaked accounts don’t belong to Poloniex accounts.
“While almost all of the email addresses listed do not belong to Poloniex accounts, we are forcing a password reset on any email addresses that do have an account with us, including yours,” states the email.
The Poloniex exchange’s support team confirmed on December 30 the authenticity of the message in a public Tweet.
This is a real email! Please reset your password for account security
— Poloniex Customer Support (@PoloSupport) December 30, 2019
At the time of writing the source of the data leak was still unclear.
Let me suggest to the impacted users to change their password at these other sites to prevent being victims of credential stuffing attacks.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Poloniex exchange, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
