BitMEX, the crypto derivatives exchange, has accidentally leaked user emails by forgetting to use blind copy (bcc) on a mass email.
The incident was acknowledged by BitMEX in an official statement published on November 1. The editorial team of the Cointelegraph in Japan has independently revealed that a staff member was the recipient of the BitMEX newsletter in question.
On November 1, Jake Chervinsky, the crypto-focused Lawyer, has posted in a tweet that BitMEX’s accidental public sharing of user email data is a simple error that committed in the “outrageously incompetent way imaginable.”
BitMEX just doxxed its users in the most outrageously incompetent way imaginable: forgetting to use blind copy on mass email. Someone must be cleaning out their desk already. https://t.co/KmARzImxnk — Jake Chervinsky (@jchervinsky) November 1, 2019
However, concerned community members have pointed out that the leak makes BitMEX account holders vulnerable targets to potential hackers, with the data serving as a “puzzle piece” for attackers.
bitmex leaked their whole db. what happens next: all email addresses x-referenced w/ public breaches to associate universal passwords. from there attackers will use xx,xxx proxies to try to break into email inboxes, exchange accounts, github, dropbox, etc.@rektkid_ @kpoulsen pic.twitter.com/INPQlATIR9 — kevin mcsheehan (@123456) November 1, 2019
Some voiced their concern that the nature of the error could mean that each email includes just a section of the total leaked data:
“While most people received about 1,000 [other user emails] per email — they dumped their *entire* user database.”
In its statement, BitMEX has written:
“Our team has acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.”
The exchange added:
“The privacy of our users is a top priority.”
⚠️We are aware of a large-scale user email leak from another exchange.⚠️ If you are one of the affected users and you also have a Binance account under the same email address, we recommend changing your email immediately using the below steps:https://t.co/sgEr5sqleg — Binance (@binance) November 1, 2019
Thus, BitMEX revealed plans to implement major changes to the weights of its cryptocurrency price indices later this month.