Urgent! BitMEX "accidentally" leaked a large number of user email addresses; please change yours immediately

The cryptocurrency derivatives exchange BitMEX forgot to use BCC when sending a mass email to its users, accidentally leaking all users' email addresses.

The email in question is the "Index Update Notification" sent by BitMEX. Many Twitter users (posting in English, Japanese and other languages), as well as people in the editor's own circle of friends, have reported that the recipient field shows a large number of other BitMEX users' email addresses. It is suspected that BitMEX forgot to use the "Bcc" function when sending the group mail, so that each user who received the mail can see the other customers who received the same mail in the CC list.
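A pre-send guard that rules out this kind of mistake, as an added example that is not from BitMEX or the original article: it rejects any bulk message whose To/Cc headers expose more than one address and builds one message per recipient instead. The function names, the one-address limit and the example.com addresses are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

MAX_VISIBLE = 1  # assumed policy: a bulk notice exposes at most one address


def visible_recipients(msg):
    """Addresses every recipient can read: the To and Cc headers."""
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return sorted({addr.lower() for _, addr in getaddresses(headers) if addr})


def check_bulk_message(msg, limit=MAX_VISIBLE):
    """Raise before sending if the message would expose other recipients."""
    seen = visible_recipients(msg)
    if len(seen) > limit:
        raise ValueError(f"{len(seen)} addresses visible in To/Cc, limit {limit}")
    return msg


def build_individual_messages(sender, subject, body, recipients):
    """One message per recipient, so no header carries another user's address."""
    unique = dict.fromkeys(r.strip().lower() for r in recipients if r.strip())
    messages = []
    for rcpt in unique:
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = rcpt
        msg["Subject"] = subject
        msg.set_content(body)
        messages.append(check_bulk_message(msg))
    return messages


def leaky_example():
    """Constructed sample of the failure mode: every user in one To header."""
    msg = EmailMessage()
    msg["From"] = "notices@exchange.example"
    msg["To"] = "alice@example.com, bob@example.com, carol@example.com"
    msg["Subject"] = "Index update"
    msg.set_content("Constructed body text.")
    return msg
```

Running `check_bulk_message` as the last step before handing a message to the mail server means a mistake in the template or the recipient field fails closed instead of being delivered.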


BitMEX acknowledged the incident in an official statement issued today, November 1.

“Very incompetent”

In a tweet published on November 1, Jake Chervinsky, a lawyer who focuses on cryptocurrencies, described the accidental public sharing of BitMEX's user email data as "imaginably extremely incompetent", a simple mistake to have made.

Community members pointed out that the mistake left BitMEX account holders exposed to potential hackers and amounted to an "assist" for attackers.

Some users expressed concern that the nature of this error may mean that each email sent out contains only a portion of the total data leaked: "Although most people receive about 1,000 [other users' email addresses] per email, they are actually dropping the entire database."

On Twitter, the user "kevin mcsheehan" outlined the potential risks:

"All email addresses have a public violation referenced by x to associate a universal password. From there, the attacker will use the xx, xxx proxy to try to break into the email inbox, exchange account, GitHub, Dropbox, etc."

"Our user privacy is a top priority"

BitMEX wrote in its statement:

“Our team has taken immediate action to control the problem, and we are taking steps to understand the extent of the impact. Please be assured that we will make every effort to determine the root cause of the failure and we will keep in touch with any users affected by this issue.”

The exchange added: "We put the privacy of our users first."

After learning of the leak, several large exchanges issued statements reminding users to change their account email address if it is the same one they used at BitMEX.

Multiple exchanges remind users to change their email address

The official Weibo of the currency said:

“We have learned that a large number of user mailbox leaks have occurred on an exchange (referred to as BitMEX). If your email address is compromised and you have registered the currency with the same email address, we recommend that you change your currency registration mailbox immediately.”

OKEx's official account retweeted the BitMEX statement on the user email leak and said:

“If you are affected and have an OKEx account that can be logged in with the same email, we recommend that you change your email address for security reasons. Email change requests will be prioritized during this time.”

Earlier today, BitMEX revealed plans to make major adjustments to its cryptocurrency price index weights later this month; the "accident" email was sent to notify users of that change.
