Crypto derivatives exchange BitMEX has accidentally leaked user emails by forgetting to use blind copy (bcc) on a mass email.
The incident was acknowledged by BitMEX in an official statement published today, Nov. 1. Cointelegraph’s editorial team in Japan have independently revealed that a staff member was the recipient of the BitMEx newsletter in question.
In a tweet posted on Nov. 1, crypto-focused lawyer Jake Chervinsky characterized BitMEX’s accidental public sharing of user email data as a simple error committed in the “outrageously incompetent way imaginable.”
Some voiced their concern that the nature of the error could mean that each email includes just a section of the total leaked data: “while most people received about 1,000 [other user emails] per email — they dumped their *entire* user database.”
On Twitter, user “kevin mcsheehan” outlined the risks, including the potential for:
“all email addresses x-referenced w/ public breaches to associate universal passwords. from there attackers will use xx,xxx proxies to try to break into email inboxes, exchange accounts, github, dropbox, etc.”
“The privacy of our users is a top priority”
In its statement, BitMEX has written:
“Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.”
“The privacy of our users is a top priority,” the exchange added.
Following news of the leak, Binance crypto exchange advised all affected BitMEX users who also hold an account on Binance to change their Binane account email immediately.
Earlier today, BitMEX revealed plans to implement major changes to the weights of its cryptocurrency price indices later this month.