Crypto-derivatives exchange BitMEX has revealed the true extent of its major email address leak that occurred on November 1.
November 4, 2019 | AtoZ Markets – Popular cryptocurrency exchange BitMEX says its internal processes failed last week, exposing thousands of email addresses belonging to its clients.
BitMEX crypto exchange exposes over 22,000 email addresses
In an official announcement on Monday, BitMEX crypto exchange said its mass emailing operation failed. As a result, most BitMEX users had their email addresses publicly exposed via carbon copy (CC) on November 1.
Data provider Skew says BitMEX has some 22,000 daily users, though the number of email addresses exposed is likely significantly higher. With major email servers imposing restrictions on bulk emailing, the firm said:
“To remedy this, we built an in-house system to handle the necessary rendering, translation, staging, and piecemeal (as not to trigger rate limits) sending of important email.”
The exchange said it sends emails to all users very rarely, the last one of this size shipping in 2017. To expedite the process, BitMEX changed its email system's API at the last minute. However, the change did not undergo the typical checking process. The deputy chief operating officer (COO), Vivien Khoo, said in the blog post:
“BitMEX is a global business that sends emails to many different email providers. Unfortunately, this makes the job of large services such as BitMEX difficult at times.”
BitMEX initiates measures to mitigate the damage
To prevent more damage, the exchange says it stopped further batches of emails from being sent out upon recognition of the issue.
After the exchange discovered the leak, BitMEX says it employed password resets and human review on endangered accounts. All users lacking two-factor authentication (2FA) and also holding account balances had their passwords reset after the exchange noted hostile attempts to access accounts.
Khoo reiterated that no other personal information was divulged in the recent BitMEX email leak incident.
“Beyond email addresses, at no point during this issue has any personal data or account information been disclosed.”
Furthermore, BitMEX mentioned that hackers took over the company's Twitter account right after the email leak last Friday. BitMEX also said that the Twitter incident was unrelated to the email leak and that the account was recovered within 6 minutes.