Cryptocurrency exchange BitMEX has accidentally leaked user emails by forgetting to use blind copy (bcc) on a mass email.
November 1, 2019, | AtoZ Markets – Cryptocurrency derivatives exchange BitMEX accidentally exposed thousands of user emails today by mistakenly using the wrong email tool. Instead of using blind carbon copy, it used carbon copy, for multiple emails sent to its users. Each contains thousands of user emails.
BitMEX Client Emails Leak didn’t go unnoticed
Confirming the issue, BitMEX announced Friday that it is “aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users.”
Nevertheless, the incident didn’t go unnoticed as many cryptocurrency enthusiasts discussing the news on Twitter.
BitMEX just doxxed its users in the most outrageously incompetent way imaginable: forgetting to use blind copy on mass email. Someone must be cleaning out their desk already. https://t.co/KmARzImxnk— Jake Chervinsky (@jchervinsky) November 1, 2019
BitMEX just doxx’d thousands of their customers by sending a mass email and not adding recipients to BCC. Good luck recovering from a fuck up of this magnitude https://t.co/S71CsEJcHv— Larry Cermak 🦁 (@lawmaster) November 1, 2019
On Twitter, user “kevin mcsheehan” outlined the risks, including the potential for:
“All email addresses x-referenced w/ public breaches to associate universal passwords. From there, attackers will use xx,xxx proxies to try to break into email inboxes, exchange accounts, github, dropbox, etc.”
“The privacy of our users is a top priority”
In its statement, BitMEX has written that:
“The privacy of our users is a top priority and we are very sorry for the concern this has caused to our users.”
BitMEX also added that it is looking into the matter to identify the root cause.
Following news of the leak, BitMEX rival Binance advised all affected BitMEX users who also hold an account on Binance to change their Binane account email immediately. Binance CEO Changpeng “CZ” Zhao, on the other hand, advised customers to use unique email addresses and passwords for each exchange and to use a password manager.
Earlier today, BitMEX revealed that it is updating weights of its indices on Nov. 22 to ensure the reference prices more closely reflect the market consensus.
AtoZMarkets has reached out to BitMEX for further comment and will update this story if a reply is received.
Think we missed something? Let us know in the comments section below.