Security News > 2020 > January > Cryptocurrency exchange Poloniex issues password reset warning

Cryptocurrency exchange Poloniex issues password reset warning
2020-01-03 17:54

When is a password breach not a password breach? When is a password warning a hoax?

The "Poloniex emails and passwords" announced on Twitter seem to have been from a previous, unknown breach, and the crooks were simply chancing their arm by guessing that at least some of the account names and password might also work on the Poloniex site.

Poloniex nevertheless reset the passwords of any users who did show up in the list - a good precaution just in case any of the old passwords might have worked.

Interestingly, Poloniex says that, because it uses bcrypt and stores hashed passwords, it "Cannot confirm if the password listed with your email address is the password you use on Poloniex."

The second question is a bit tricker: "How to know that a password reset warning isn't itself a scam?".


News URL

https://nakedsecurity.sophos.com/2020/01/03/cryptocurrency-exchange-poloniex-issues-password-reset-warning/