In a statement released on Thursday, January 2, 2020, the exchange stated that the information that went viral on social media did not come from its registry.
“Earlier this week, we e-mailed a small group of our customers (about 1% of our total base), requiring them to reset their Poloniex password in response to a tweet claiming to contain a list of leaked email addresses and passwords. To confirm, there was no information or data leak originating from Poloniex and our actions represented a swift response to an external threat,” the exchange stated.
On Monday, December 30, 2019, the crypto exchange sent e-mails to some of its customers after a tweet went viral containing a list of e-mail addresses and passwords, with claims that they originated from Poloniex.
In the latest statement, the exchange clarified that the list did not come from its database.
“Our investigation has concluded that approximately 90% of the passwords listed already appear in the haveibeenpwned.com list of exploited passwords. Additionally, our security team is in touch with haveibeenpwned.com and has requested that they update their database to include additional missing information we have identified,” the exchange clarified.
Poloniex further highlighted that it stores users’ passwords only as bcrypt hashes, as opposed to plain text or any other form that makes them recoverable. It added that “less than 5% of the email addresses on the posted list were associated with Poloniex accounts.”
In defense of its earlier warning to its users, Poloniex stated that its immediate priority was to guarantee the safety of its customers’ accounts. Consequently, it advised the potentially impacted clients to reset their passwords, as users are likely to reuse passwords or slightly altered versions of the same.
Secondly, the exchange said it wanted to verify the source of the leak and can now confirm that both the list and the data contained therein did not come from its records.
Overall, the crypto exchange has told customers who did not receive the password-reset e-mail to remain calm and confident that their accounts are safe. That few of the posted e-mail addresses were associated with the exchange indicates that most of its customers were not affected.