Author

Topic: possible Poloniex leak/hack? (Read 229 times)

sr. member
Activity: 462
Merit: 254
February 12, 2018, 05:16:17 PM
#15
But 2FA is not neccessary, if the email is secured. I didn't see any statement from Poloniex yet. Think, it is fake leak, but it is nevertheless a bad taste and I can understand prople, who withfraw their money.
legendary
Activity: 3318
Merit: 1247
Bitcoin Casino Est. 2013
February 12, 2018, 10:55:14 AM
#14
It looks like it is a big BS from some random dude in the internet. People who have their account at Poloniex secured with 2FA from Google Authenticator and also have their email secured with 2FA have nothing to worry about. The only people who should definitely change the password are the ones who have their Poloniex account without 2FA security and also their email is not 2FA secured. I have an account at Poloniex secured with 2FA and also my email secured with 2FA so I am not bothering changing my password.
hero member
Activity: 1526
Merit: 596
February 11, 2018, 02:36:12 AM
#13
Hopefully it's nothing and the guy is just larping but someone posted a snippet of, allegedly, poloniex' log in credentials and is threatening to dump complete list tomorrow:

https://twitter.com/poloniexhack/status/962288838692474880

Let's wait and see till tomorrow whether he delivers.

Edit: if he tweets any link tomorrow, be extra cautious and inspect before clicking/downloading anything.


It's BS... He obviously can't do any damage even if he's got the files, otherwise he want try to extort in public but rather try to withdraw as much funds from the system as he possibly could before they force reset everyone's password.

No hacker would ever show to the public what they've been able to achieve and basically warn poloniex about what's upcoming.

I'm guessing that either he's going to try to get greedy people to buy this so called database from him or just cause a widespread panic about poloniex and try to demand money from them. Either way, this is a poorly thought out attempt of scamming.

Change your password nonetheless, doesn't hurt to do it.
legendary
Activity: 966
Merit: 1042
February 10, 2018, 11:25:32 PM
#12
Even if it's real what does it matter? This guy wouldn't give people 24h. He would have gotten everything he possibly could have then split. This has got to be fake. When is he supposed to prove that he's legit? Glad I got everything out of that shithole anyway.
legendary
Activity: 1652
Merit: 1088
CryptoTalk.Org - Get Paid for every Post!
February 10, 2018, 10:58:17 PM
#11
this is a big lie
even if someone knew your email and password,he still can not log in cause poloneix send a code to your email address whenever you try to sign in

This. They need to crack both your Poloniex and email passwords to get in.
full member
Activity: 250
Merit: 106
February 10, 2018, 09:47:28 PM
#10
Not only because of a possible hack, it is generally not recommendable to entrust exchangers bigger funds and longer than neccessary.
But I nevertheless think, it is fake to gain many followers.
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
February 10, 2018, 06:57:15 PM
#9
...It just doesn't look legit to me. ...

It's likely 99.9% bullshit. Apparently those emails/passwords are invalid (didn't check that myself though).

Some of them apparently work and ask for 2FA -- but a good hoaxer would include real accounts on the list. Some of the accounts show up on Haveibeenpwned, so they may have just pulled from old leaks. The fact that there's a typo on the list ("gmai.com") suggests it wasn't dumped from Poloniex's database. It could have been scraped from a phishing site, but it doesn't look like a legit hack.

If he was legit, he would contact Polo directly for ransom/bounty demand, then Polo would have no choice but to take immediate actions like sending mass emails asking everyone to change their passwords.

I reckon it's either a troll, or he just wants to hype it up to get people to click or download whatever he'll post tomorrow, which could be a malware.

Looks like an FUD attempt to me.
legendary
Activity: 2240
Merit: 1069
February 10, 2018, 06:43:37 PM
#8
Thanks for the information, I have some coins in poloniex. This saved me.

This are just username and passwords, right? If your account is 2FA protected, they cannot get into your money.

Will this start a run from poloniex?
sr. member
Activity: 2618
Merit: 439
February 10, 2018, 06:35:30 PM
#7
...It just doesn't look legit to me. ...

It's likely 99.9% bullshit. Apparently those emails/passwords are invalid (didn't check that myself though). If he was legit, he would contact Polo directly for ransom/bounty demand, then Polo would have no choice but to take immediate actions like sending mass emails asking everyone to change their passwords.

I reckon it's either a troll, or he just wants to hype it up to get people to click or download whatever he'll post tomorrow, which could be a malware.



But I will still to remain cautious as @Welsh have mentioned, There's nothing wrong that being safe than sorry. We have seen this acts before and most of them are completely trolling and just wanted some clickbait to install malicious code such as Trojan / Malware to steal your password.

Lets see, I don't have a Polo account but I will follow and see how it goes.

I LOL'ed at someone who said that its legit because he did verify some of the account in the snippet. Or it could be very well another fake account of the trolls to bring credibility.
sr. member
Activity: 610
Merit: 261
February 10, 2018, 06:30:57 PM
#6
i think he is trying to make polo members scared with such lies to withdraw their coins and make polo falls for some other competitor
legendary
Activity: 2436
Merit: 1561
February 10, 2018, 06:25:17 PM
#5
...It just doesn't look legit to me. ...

It's likely 99.9% bullshit. Apparently those emails/passwords are invalid (didn't check that myself though). If he was legit, he would contact Polo directly for ransom/bounty demand, then Polo would have no choice but to take immediate actions like sending mass emails asking everyone to change their passwords.

I reckon it's either a troll, or he just wants to hype it up to get people to click or download whatever he'll post tomorrow, which could be a malware.

sr. member
Activity: 610
Merit: 261
February 10, 2018, 06:16:58 PM
#4
this is a big lie
even if someone knew your email and password,he still can not log in cause poloneix send a code to your email address whenever you try to sign in
hero member
Activity: 644
Merit: 501
February 10, 2018, 06:10:20 PM
#3
Regardless of whether this is true or not it would be wise for anyone to change their credentials even at the slightest risk of this being true. Also, if this is true then expect your email to get phishing links and all sorts of spam.

Also, remove any coins you have stored on the exchange.

Yeah agreed. regardless of whether this is a legit hack in the system or not, you should change your password whenever this happens and regularly even if nothing happens, every half a year or a few months at a time.

Obviously the twitter account could be fake, and a troll is behind it... He could have registered multiple accounts himself and published the throwaway passwords of those.

It just doesn't look legit to me. Most likely a troll or an extortionist who wants money. It's hard to believe that all the user credentials can be stolen at one time.
staff
Activity: 3304
Merit: 4115
February 10, 2018, 05:55:41 PM
#2
Regardless of whether this is true or not it would be wise for anyone to change their credentials even at the slightest risk of this being true. Also, if this is true then expect your email to get phishing links and all sorts of spam.

Also, remove any coins you have stored on the exchange.
legendary
Activity: 2436
Merit: 1561
February 10, 2018, 05:52:26 PM
#1
Hopefully it's nothing and the guy is just larping but someone posted a snippet of, allegedly, poloniex' log in credentials and is threatening to dump complete list tomorrow:

https://twitter.com/poloniexhack/status/962288838692474880

Let's wait and see till tomorrow whether he delivers.

Edit: if he tweets any link tomorrow, be extra cautious and inspect before clicking/downloading anything.
Jump to: