Crypto derivatives exchange BitMEX has accidentally leaked user emails by forgetting to use blind copy (bcc) on a mass email.
The incident was acknowledged by BitMEX in an official statement published today, Nov. 1. Cointelegraph’s editorial team in Japan have independently revealed that a staff member was the recipient of the BitMEx newsletter in question.
“Outrageously incompetent”
In a tweet posted on Nov. 1, crypto-focused lawyer Jake Chervinsky characterized BitMEX’s accidental public sharing of user email data as a simple error committed in the “outrageously incompetent way imaginable.”
Concerned community members have pointed out that the leak makes BitMEX account holders vulnerable targets to potential hackers, with the data serving as a “puzzle piece” for attackers.
Some voiced their concern that the nature of the error could mean that each email includes just a section of the total leaked data: “while most people received about 1,000 [other user emails] per email — they dumped their *entire* user database.”
On Twitter, user “kevin mcsheehan” outlined the risks, including the potential for:
“all email addresses x-referenced w/ public breaches to associate universal passwords. from there attackers will use xx,xxx proxies to try to break into email inboxes, exchange accounts, github, dropbox, etc.”
“The privacy of our users is a top priority”
In its statement, BitMEX has written:
“Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.”
“The privacy of our users is a top priority,” the exchange added.
Following news of the leak, Binance crypto exchange advised all affected BitMEX users who also hold an account on Binance to change their Binance account email immediately.
Earlier today, BitMEX revealed plans to implement major changes to the weights of its cryptocurrency price indices later this month.
Cointelegraph has not received a response from BitMEX regarding the scope of the leak by press time.