Crypto derivatives exchange BitMEX accidentally leaked emails from users because they had forgotten to use the blind copy (bcc) function when sending a mass email. The incident was admitted by BitMEX in an official statement published today.
Doxxed by BitMEX
In a tweet posted on November 1, crypto-focused lawyer Jake Chervinsky stated the following:
BitMEX just doxxed its users in the most outrageously incompetent way imaginable: forgetting to use blind copy on mass email. Someone must be cleaning out their desk already. https://t.co/KmARzImxnk
— Jake Chervinsky (@jchervinsky) November 1, 2019
BitMEX just doxxed its users in the most outrageously incompetent way imaginable: forgetting to use blind copy on mass email. Someone must be cleaning out their desk already.
Concern from the users
Concerned community members have pointed out that the BitMEX account holders leak makes vulnerable targets vulnerable hackers. Some expressed concern that the nature of the error could mean that each e-mail contains only part of the total leaked data. Most people received around 1,000 e-mail addresses by e-mail, but their entire user database was leaked.
On Twitter, user “Kevin McSsheehan” outlined the risks:
bitmex leaked their whole db.
what happens next:
all email addresses x-referenced w/ public breaches to associate universal passwords.
— Kevin McSheehan (@123456) November 1, 2019
from there attackers will use xx,xxx proxies to try to break into email inboxes, exchange accounts, github, dropbox, etc.
BitMEX wrote in its statement:
Our team took immediate action to monitor the problem and we are taking measures to understand the extent of the impact. You can be sure that we are doing everything we can to find out the cause of the error and that we are in contact with all users affected by the problem.
The privacy of our users is a top priority.
Binance advises changing your e-mail address
Binance advises all affected BitMEX users, who also have an account on Binance, to immediately change their Binance account e-mail.