Poloniex Data Leak on Twitter - page 2.

joshy23

sr. member

Activity: 1078

Merit: 256

Quote from: rijaljun on January 01, 2020, 09:13:30 AM

Similar to what happened to BitMex months ago. The issue could happen in every centralized exchange so not gonna get surprised with this. Users should be aware of this kind of issue since the beginning. But at least, this one has a funny part, such as an awkward momment. LOL.

Yes, there's no escape once you missed to protect your business, hackers are always looking for opportunities and with how poloniex needs to
adjust after this incidents traders also needs to comply, if there's a need of changing password and if possible to withdraw your assets for a
while and secure everything while this still in process of correction.

justdimin

hero member

Activity: 3164

Merit: 675

www.Crypto.Games: Multiple coins, multiple games

They are literally backed by a huge wall street company, how are they letting something like this happen when they have trillions of dollars in their funds? Sure they are their own company as well but they are owned by Circle which is a multi billion dollar company and an app that is known all around the world and getting a big chunk of the market share as we speak and that company Circle? That is owned by Goldman Sachs (sort of, they own small part of it) which is the trillion dollar fund that I was talking about.

I understand hackers will hack things and even NASA has been hacked couple times now and people see it as a challenge at this point but honestly I would expect them to make their security better and at least save their customers information.

leowonderful

legendary

Activity: 1624

Merit: 1130

Bitcoin FTW!

I assume the exchange allows for the use of 2FA? That would be one potential positive (and a feature every exchange should offer), though even 2FA does have vulnerabilities that could result in malicious people accessing your exchange accounts.

You might also want to change your passwords for other sites if you have a tendency to use the same password for multiple sites. Hackers like to bruteforce logins on a variety of websites with leaked data, and you never know if another one of your important accounts could be compromised.

Landak

hero member

Activity: 1386

Merit: 503

terrible, many market exchanges that have a very good reputation suddenly appear shocking news like that, customer data is leaked to the public. I am a poloniex customer but I never get an email to be told to change my password, I feel safe because I use 2fa. for others, be careful not to use the same password when creating accounts on every website, exchange market, or whatever.

kolonel_x

sr. member

Activity: 1092

Merit: 250

Quote from: Aveatrex on January 01, 2020, 01:42:13 AM

The funny part is actually there is some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email Grin

I also received an email from Poloniex and I thought it was just phishing because of frequent email entry like that, if it is official from Poloniex to make a password change to every user then I will do it as soon as possible, because I have ignored the email message .
And want to find out about Poloniex data leakage.

dothebeats

legendary

Activity: 3542

Merit: 1352

Cashback 15%

The immediate response to a data breach would be to mitigate the damage by immediately sending out notices and a password change form to the users within a few hours after the data breach was known.

That's why it's nwvwr advisable to use the same passwords in different websites in the firat place as it clearly invites your accounts to get hacked at one point and you losing all the data in the process.

Never really liked Poloniex in its current state and idk whether people still trade in there but good thing they acted quickly to inform their user-base about the leak.

iamaruf

sr. member

Activity: 1064

Merit: 265

Vave.com - Crypto Casino

Quote from: Aveatrex on January 01, 2020, 01:42:13 AM

The funny part is actually there is some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email Grin

It’s not funny part mate.Even I will not believe that It's true.Because the user didn’t try to reset password but he received the mail.how people believe it? Though I will check it twice to,If I receive the same mail.I am just replying this because you told it funny part,but I don’t Think.Thank you.

Ucy

sr. member

Activity: 2674

Merit: 403

Compare rates on different exchanges & swap.

Quote

The funny part is actually there is some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email

I think the users did the right thing. I would be suspicious too. But it's better not to ignore message like that completely. A more sensible thing to do in such situations is to trust but verify
The users should probably go to the exchange verified Twitter handle to access the website safely.

rijaljun

sr. member

Activity: 1274

Merit: 267

Similar to what happened to BitMex months ago. The issue could happen in every centralized exchange so not gonna get surprised with this. Users should be aware of this kind of issue since the beginning. But at least, this one has a funny part, such as an awkward momment. LOL.

boris singer

sr. member

Activity: 882

Merit: 268

I tried to find and have not found authentic evidence, just a tweet from their Polosupport twitter account. It's better to change data manually as soon as possible. Poloniex just removed Kyc's obligation to new users around December 23, and then this problem appeared 7 days after that. as long as 2fa is still active, no need to worry and immediately take the necessary security steps.

topbitcoin

hero member

Activity: 1694

Merit: 691

Vave.com - Crypto Casino

Quote from: MURONDI on January 01, 2020, 06:36:50 AM

are you sure about your statement, I am a poloniex user but do not receive messages as you mentioned, on the 30th there was an email but it was about the announcement of smaller fees, if there is indeed a leak it will indeed be very detrimental to the user, despite using 2fa security, I'm sure many users have the same password for other sites,

Actually i am not get Poloniex's email too. But if something like this happen and a lot of people talk about it, i will change my password immediately although already put 2fa. Something like this really dangerous especially if data of someone who maybe careless and use same password in a lot of his accounts, other accounts can get affected by it.

MURONDI

sr. member

Activity: 812

Merit: 257

are you sure about your statement, I am a poloniex user but do not receive messages as you mentioned, on the 30th there was an email but it was about the announcement of smaller fees, if there is indeed a leak it will indeed be very detrimental to the user, despite using 2fa security, I'm sure many users have the same password for other sites,

panganib999

hero member

Activity: 1750

Merit: 589

Quote from: milewilda on January 01, 2020, 04:40:56 AM

Sometimes being too paranoid when it comes to phishing or hacking so i cant blame those person who do said such thing.They do just believed out on how secure Poloniex is and once
they do able to read it up then they do believe that its just an another phishing email without even realizing or having second thoughts that it is a legit one.
Data Leaks? Im not already surprised anymore when it comes to this.

It's not really being paranoid but rather wanting to secure their accounts and preventing themselves from being scammed because of a "possible" fake mail from Poloniex. Data leaks are already a part of any tech out there and it isn't really surprising for such things to occur, but the quickness of the counter movement of the company themselves is the measure of whether the trust is well equipped for such situations. Sadly, Poloniex fails at this with their failure of announcing it officially and instead emailing their users, which led to a lot of people believing it to be a scam.

piebeyb

legendary

Activity: 2464

Merit: 1039

Bitcoin Trader

Quote from: Aveatrex on January 01, 2020, 01:42:13 AM

I speculate that a database from another exchange or cryptocurrency related website was leaked and therefore users that use the same password/email everywhere could potentially be a victim of unauthorized access to their accounts.That's why you should not use same passwords everywhere you sign up and opt for offline password generators; stay safe folks.

everyone needs to pay attention to the email received whether it is official or just a fake email, but in my opinion maybe for those who activate 2FA on emails and poloniex accounts I think it will be safe, if in my mind a lot of passwords generated by the generator password will make too many stacks are stored, in fact this I have also applied that the passwords that I usually register on several sites are never the same, just a little difference from the password but do not have to accumulate passwords somewhere, because it's easy to remember

milewilda

legendary

Activity: 3094

Merit: 1127

Quote from: Aveatrex on January 01, 2020, 01:42:13 AM

The funny part is actually there is some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email Grin

Sometimes being too paranoid when it comes to phishing or hacking so i cant blame those person who do said such thing.They do just believed out on how secure Poloniex is and once
they do able to read it up then they do believe that its just an another phishing email without even realizing or having second thoughts that it is a legit one.
Data Leaks? Im not already surprised anymore when it comes to this.

clickerz

hero member

Activity: 1414

Merit: 505

Backed.Finance

Quote from: Aveatrex on January 01, 2020, 01:42:13 AM

I speculate that a database from another exchange or cryptocurrency related website was leaked and therefore users that use the same password/email everywhere could potentially be a victim of unauthorized access to their accounts.

No way. Poloniex wouldn't ask users to change their passwords over that. I think it's obvious they had a database compromised and are downplaying the severity of what happened.

Quote from: Wexnident on January 01, 2020, 02:15:48 AM

Well, the quickness of their action goes to show that they were legitimately prepared for any breaches on their database though, which should really be commended to them.

I hope the account with 2FA activation upon login is safe.Still we need to update our password.

Quote from: exstasie on January 01, 2020, 03:01:43 AM

I guess you're a "glass half full" kind of guy?

They haven't mentioned anything on Twitter or posted an official announcement about it. Kind of shady, really.

Hmm... maybe they are still verifying and investigating the said incident.

Wexnident

hero member

Activity: 2702

Merit: 672

I don't request loans~

Quote from: exstasie on January 01, 2020, 03:01:43 AM

Quote from: Wexnident on January 01, 2020, 02:15:48 AM

Well, the quickness of their action goes to show that they were legitimately prepared for any breaches on their database though, which should really be commended to them.

I guess you're a "glass half full" kind of guy?

They haven't mentioned anything on Twitter or posted an official announcement about it. Kind of shady, really.

Erm, Might not be an announcement made but a comment made by the support itself was made to the doubtful twitter post though which says

Quote

This put Poloniex customer support into the awkward position of having to explain that the email was indeed real and not a scam. “This is a real email! Please reset your password for account security,” they responded.

The said twitter link could be found on the link provided by OP, so I assumed the announcement regarding it was true. Just checked the said twitter account of the support, and I indeed failed to find an official announcement about it, BUT contained the said comment regarding the email to be true, which is weird.

Apologies if I made a wrong assumption bout that.

exstasie

legendary

Activity: 1806

Merit: 1521

Quote from: Aveatrex on January 01, 2020, 01:42:13 AM

I speculate that a database from another exchange or cryptocurrency related website was leaked and therefore users that use the same password/email everywhere could potentially be a victim of unauthorized access to their accounts.

No way. Poloniex wouldn't ask users to change their passwords over that. I think it's obvious they had a database compromised and are downplaying the severity of what happened.

Quote from: Wexnident on January 01, 2020, 02:15:48 AM

Well, the quickness of their action goes to show that they were legitimately prepared for any breaches on their database though, which should really be commended to them.

I guess you're a "glass half full" kind of guy?

They haven't mentioned anything on Twitter or posted an official announcement about it. Kind of shady, really.

Wexnident

hero member

Activity: 2702

Merit: 672

I don't request loans~

Pity about it. Well, the quickness of their action goes to show that they were legitimately prepared for any breaches on their database though, which should really be commended to them. Not familiar with how the reset goes, but shouldn't it be like Poloniex gives a link, user changes password through that? If the pass change asks for the old password, it could be possible to realize it is a scam, but if it doesn't, I don't suppose you'd need to label it as a scam there and then. Just create a very unique one I suppose.

Quote from: Aveatrex on January 01, 2020, 01:42:13 AM

The funny part is actually there is some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email Grin

Shouldn't it be easily noticeable if the email sent is legit from Poloniex or not?

Aveatrex

sr. member

Activity: 840

Merit: 375

Poloniex sent out an email requesting password change to users after seeing a leak of emails and passwords on Twitter.

Quote

On Dec. 30, the exchange emailed its customers to inform them that a list of leaked email addresses and passwords could potentially be used to log in to Poloniex accounts. The exchange forced a password reset on any email addresses that have an account with the exchange.

read more:https://cointelegraph.com/news/poloniex-crypto-exchange-confirms-data-leak-after-awkward-email

I speculate that a database from another exchange or cryptocurrency related website was leaked and therefore users that use the same password/email everywhere could potentially be a victim of unauthorized access to their accounts.That's why you should not use same passwords everywhere you sign up and opt for offline password generators; stay safe folks.

The funny part is actually there is some users that thought the email sent by Poloniex was a phishing attempt and not a genuine email Grin

Topic: Poloniex Data Leak on Twitter - page 2. (Read 365 times)