urgent! BitMEX "accidentally" leaked a large number of user email addresses, please replace them immediately

The cryptocurrency derivatives exchange BitMEX forgot to use BCC when sending a collective email to the user, accidentally leaking all users' email addresses.

The content of this email is the "Index Update Notification" email sent by BitMEX. Many Twitter users (including English, Japanese and other multilingual countries), as well as Xiaobian circle of friends have reflected that you can see a lot of other in the recipient column. The email address of the BitMEX user. It is suspected that BitMEX forgot to select the "Bcc" function when sending a group mail, so that the user who received the mail can see other customers who received the same mail in the CC list.

Email-1975018_1280

Image source:

BitMEX acknowledged the incident in an official statement issued today on November 1.

“Very incompetent”

In a tweet published on November 1st, Jake Chervinsky, a lawyer who focuses on cryptocurrencies, described the accidental public sharing of BitMEX's user email data as "imaginably extremely incompetent." Simple mistakes made.

The community members pointed out that the vulnerability made BitMEX account holders vulnerable to potential hackers, which was simply an "assist" for the attacker.

Some users expressed their concern that the nature of this error may mean that each email sent out contains only a portion of the total data leaked: "Although most people receive about 1,000 copies per email [other User email address], but they are actually dropping the entire database."

On Twitter, the user "kevin mcsheehan" outlines the risks, including potential risks:

"All email addresses have a public violation referenced by x to associate a universal password. From there, the attacker will use the xx, xxx proxy to try to break into the email inbox, exchange account, github, dropbox, etc. ”

"Our user privacy is a top priority"

BitMEX wrote in its statement:

“Our team has taken immediate action to control the problem, and we are taking steps to understand the extent of the impact. Please be assured that we will make every effort to determine the root cause of the failure and we will keep in touch with any users affected by this issue.”

The exchange added: "We put the privacy of our users first."

After receiving the leak message, several large exchanges have issued a statement reminding users to change the same mailbox as BitMEX.

Multiple exchanges remind users to change their mailbox

The official Weibo of the currency said:

“We have learned that a large number of user mailbox leaks have occurred on an exchange (referred to as BitMEX). If your email address is compromised and you have registered the currency with the same email address, we recommend that you change your currency registration immediately. mailbox."

WX20191101-183438@2x

OKEx officially forwarded the "BitMEX statement on user email leaks" related tweets and said:

“If you are affected and have an OKEx account that can be logged in with the same email, we recommend that you change your email address for security reasons. Email change requests will be prioritized during this time.

WX20191101-183404@2x

Earlier today, BitMEX revealed plans to make major adjustments to its cryptocurrency price index weights later this month, for which they sent the "accident" email to users.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Opinion

a16z evaluates the regulation of Web3 in the United States The regulatory situation is much more optimistic

This article analyzes and rates cases involving Coinbase, Uniswap, ZeroEx, OPYN, and Deridex, and finds that the regu...

Blockchain

Center absence: history, current status and prospects of atomic exchange and decentralized trading platforms

On July 30th, Liquid Network officially announced that Tether (USDt) has settled on the Liquid side chain, which mean...

Blockchain

Blockchain investment: which "platform coin" has more investment value?

In the last lecture, I analyzed the "privacy currency" field in the blockchain industry. In this lecture, I...

Blockchain

Weekly data on the BTC chain: data on the chain began to fall, and the exchange traded frequently

In the past week (10.28-11.03), from the main chain data, the total amount of transactions has increased compared wit...

Blockchain

FTX Crypto Exchange: The Bidding Bonanza!

Some of the available options include selling the exchange, which previously had 9 million users but went bankrupt.

Market

Encryption exchange "moving tide": US SEC "strongly pushed away", Middle East and Hong Kong "welcoming with a smile"

Due to the recent pressure from the SEC, several major exchanges around the world are preparing to flee, with the UAE...