We understand the importance of protecting your personal information, and we want to reassure you that Poloniex has not experienced any data breaches since our founding. In our commitment to maintaining the utmost security, we have integrated with a third-party service called "Have I Been Pwned" (HIBP). If you have seen the error message (This password has been used in a data breach. Please enter a new one. More Info: Have I Been Pwned?), it means that the password you used has appeared in a breached database list and should not be used.
HIBP collects and indexes data from various breaches and allows users to search for their email addresses or passwords to check if they have been exposed. When a user attempts to create or update their password, we securely compare your input against the breached data stored in its database. HIBP will not be able to access your password because we use a secure cryptographic hash to protect your privacy. In addition, we do not send the entire hash to HIBP, but only the first 5 characters of the hash. The results are then processed to determine if your password was in a breach. (A great explainer from CloudFlare is provided here). If the password has been compromised, we restrict its use to ensure your account remains secure.
Compromised passwords are restricted to prevent attackers from gaining unauthorized access to your account. By disallowing the use of these passwords, we try to help you create unique and secure credentials that are less susceptible to hacking attempts. This restriction helps protect not only your account but also the entire user community, as weak passwords can easily be exploited.
If you have any further questions or concerns, please contact our support team, who will be glad to assist you.