Serviceteam IT Security News

A cryptocurrency exchange has been forced to reset customer passwords after a suspected data leak via social media, although its incident response efforts caused more confusion among some users.

US-based exchange Poloniex informed around 1% of its customer base that they had to reset their log-ins, following a tweet claiming to contain a list of leaked email/password combos.

However, customers took to Twitter warning that the email itself was a phishing scam, forcing the exchange to re-emphasize its legitimacy.

It followed up with a blog post to clarify the situation.

“Our immediate priority was to ensure that our customers’ accounts were safe. As a result, we reset the passwords of potentially impacted customers, as users often reuse passwords or minor variants of the same password,” it explained.

“Our second priority was to determine the source of the leak and we can now confirm that neither this list, nor the information contained, originated from Poloniex. For those interested in our security protocols, we do not store passwords in plain text or a recoverable form, but rather we store them as salted bcrypt hashes.”

In fact, 90% of the compromised passwords on that list have already appeared on breach notification site HaveIBeenPwned?, it said.

“If you have a Poloniex account and did not receive an email from us related to this, you can be confident that your email address was not on the list,” the firm continued. “Less than 5% of the email addresses on the posted list were associated with Poloniex accounts.”

The incident highlights the increasing difficulty online firms have in convincing customers of the legitimacy of urgent communications, in light of a continued epidemic of phishing scams.

Following the collapse of UK travel agency Thomas Cook last year, UK banks were criticized for sending unsolicited text messages to affected customers containing clickable links.

Source: Infosecurity Magazine
