Crypto Exchange Poloniex is forcing its customers to reset the passwords of their accounts after a list of emails and associated passwords, claiming to be Poloniex credentials, were leaked on Twitter.
The exchange sent emails to all its customers on Monday, informing them about the leak and its decision to forcefully reset passwords of every account.
The decision was taken as a precautionary measure as the exchange is claiming that most of the addresses on the list do not belong to its customers. However, a move of such a scale on the part of the exchange definitely raised some alarms.
“While almost all of the [leaked] email addresses listed do not belong to Poloniex accounts, we are forcing a password reset on any email addresses that do have an account with us, including yours,” the email stated.
Though many clients of the exchange were skeptical about the authenticity of the email, the official Twitter handle of Poloniex customer support confirmed its authenticity.
This is a real email! Please reset your password for account security
— Poloniex Customer Support (@PoloSupport) December 30, 2019
The exchange even posted the steps to add two-factor authentication to the accounts amid the fiasco.
Steps to set up 2FA: - Install an authenticator application on your phone - Click 2FA in your Polo settings - Scan the barcode or manually enter the 16 digit key - Safely store your backup code & QR code in case your phone gets lost, stolen, or erased
Tada! ? — Poloniex Customer Support (@PoloSupport) December 30, 2019
Email leak - a security threat to the exchanges
Leaked emails of crypto exchange accounts are significant security threats. At the end of October, an email from the crypto derivatives exchange BitMEX accidentally revealed the emails of several customers, after which they were forced to change the access credentials.
The BitMEX incident also forced other exchanges, including Binance, to warn their customers if their emails were on the list.
Meanwhile, Poloniex spun off from Circle in October and rebranded to Polo Digital Assets. The unnamed Asian investors-backed company will also cease its operation in the United States after today.