Popular cryptocurrency exchange Poloniex has clarified that it didn’t suffer a data leak, days after resetting its users’ passwords over a leak on social media.
According to an announcement the cryptocurrency exchange published, it emailed around 1% of its users earlier this week over the leak it saw on microblogging platform Twitter, which claimed to contain leaked email addresses and passwords of Poloniex users.
As CryptoGlobe reported, the exchange noted at the time nearly all of the email addresses within the leak did not belong to Poloniex customers, but it was nevertheless “forcing a password reset on any email address” that has an account with it. In its announcement, it now clarified the leaked data didn’t originate from Poloniex:
To confirm, there was no information or data leak originating from Poloniex and our actions represented a swift response to an external threat.
Poloniex clarified its priority was to ensure its users were safe, adding it never stores users’ passwords in plain text, but stores them as salt bcrypt hashes. After investigating the leak, it found roughly 90% of the listed passwords were already showing up databases of exploited passwords.
The exchange says it reached out to haveibeenpwned, a service letting users know whether their email addresses, passwords, and other information have been leaked in high-profile incidents. Some of the email addresses within the leak weren’t previously included, according to Poloniex.
In total, less than 5% of the leak email addresses were associated with Poloniex accounts, the exchange clarified. Poloniex has late last year spun out of Circle to become an independent company, in which TRON Foundation CEO Justin Sun says he invested in. While its trading volume has been growing, data shows users have been withdrawing their funds from the platform since.
Featured image via Pixabay.