The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak.

Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak.

The measure was necessary to prevent spear-phishing attacks against the users aimed at stealing credentials or at delivering malware designed to steal their funds.

On December 30th, 2019, users began receiving a message from the Poloniex exchange notifying them of the data leak. According to the company user name and password for the platform may have been included in a data leak disclosed on Twitter by a user that goes online with the handle @charlysatoshi.

@charlysatoshi

shared a screenshot of the data breach notification email sent by the trading platform to its users, the message said that almost all of the leaked accounts don’t belong to Poloniex accounts.

“While almost all of the email addresses listed do not belong to Poloniex accounts, we are forcing a password reset on any email addresses that do have an account with us, including yours,” states the email.

The Poloniex exchange’s support team confirmed on December 30 the authenticity of the message in a public Tweet.

This is a real email! Please reset your password for account security — Poloniex Customer Support (@PoloSupport) December 30, 2019

At the time of writing the source of the data leak was still unclear.

Let me suggest to the impacted users to change their password at these other sites to prevent being victims of credential stuffing attacks.

Pierluigi Paganini

(SecurityAffairs – Poloniex exchange, hacking)