Post Mortem – Darwinex Security Incident
We have reached out to our users with important information to protect their Darwinex account. This post explains what happened and why we are asking our users to take prompt action.
- Redirect you onto a 3rd party site as you attempted to access Darwinex, and/or
- Intercept information exchanged between you and us:
- From your browser to our servers,
- Data you entered (typed in) whilst the threat was active.
In this regard, it is worth emphasising that:
- We’re talking about a vulnerability – most of the actions are pre-emptive to avoid any issues.
- Neither our servers nor any of the information stored in our databases were compromised.
- We don’t store payment details from our users.
- Trading credentials were not affected.
- We always verify withdrawal requests to prevent anyone asking us to wire your funds to them.
What was the risk
After conducting a thorough investigation, we concluded that only usernames and / or passwords could have been eventually intercepted, if any.
Since your password is the key to impersonating your interactions with us, we asked you to change it and scan your Darwinex activity logs for unknown activity. You can access your Darwinex user logs in the “Settings” section of your Darwinex profile.
What is the risk now?
None, if your system is free of malicious code (run your antivirus!) and you’ve updated your Darwinex password. If you haven’t already, please do it now.
- We keep working and investigating this incident with a view to implementing all the relevant measures to pre-empt and identify vulnerabilities going forward.
- We are running an in-depth analysis of our Community forum to make sure it has not been affected. Access is restricted for the time being and we will keep you duly posted when it is back again.
Last, but not least, SORRY. We know you have tons on your plate and this gave you a scare and wasted your precious time. We’ll try to make the best of this and evolve from here.
Your Darwinex Team