That's a very concerning thread. The most interesting comment was the following:
https://www.reddit.com/r/PoloniexForum/comments/6t4tvs/i_managed_to_bypass_2fa_and_email_verification_is/dlits1b/
The Poloniex database wasn't leaked. I found a user reusing credentials from another leaked database that had already been cracked. The user had 2FA, and I managed to use an exploit to make it useless, and another bug caused their email client to verify the transaction by just opening the confirmation email (due to improperly configured robots.txt).
Don't re-use passwords, people. Make a new 14-character password for every site you use.
Also, the email exploit where the email was being confirmed without clicking was an Outlook email. If you use Outlook, change your email to something else.