BitMEX has just doxxed thousands of customer email addresses by forgetting to put the recipients in blind carbon copy (Bcc). The message was accidentally sent as a mass email, so a long list of customer email addresses was visible to everyone who received it.
BitMEX’s incredibly negligent mistake is now raising questions over the exchange’s handling of customer data.
Thousands of Email Addresses Compromised
In a recent email sent out by BitMEX, all the recipient email addresses were simply added as “To” rather than as “Bcc.” This means that the email address of every person on the recipient list was visible to everyone who received it. This reckless mistake means that many BitMEX accounts are now susceptible to potential hackers.
One user posted to Twitter an email that they received, showing a long list of the other Gmail addresses that also received it.
— 桜文鳥 (@sakuraricebird) November 1, 2019
Thousands of email addresses have been compromised, and hackers can quite easily use databases of leaked credentials and similar passwords to hack individual BitMEX accounts. If you don’t have two-factor authentication (2FA) enabled, this would be a good time to turn it on.
Someone within BitMEX clearly made a mistake, but it raises the question: how is such a mistake even possible? As @Vanalli writes on Twitter, is BitMEX really sending out emails without any third-party software?
— Matt (@Vanalli) November 1, 2019
Is BitMEX Really Just Copy-Pasting Emails?
BitMEX, despite being one of the largest cryptocurrency exchanges and futures platforms in the world, seems to be sending out emails by simply copy-and-pasting addresses. Basic third-party software for managing emails would have prevented such a mistake. In effect, this mishap indicates some level of gross negligence within the BitMEX team regarding customer data — it forces us to wonder about what the ‘procedure’ is behind its security.
BitMEX, all things considered, has never been hacked. Yet, it remains to be seen whether this email list leak will end up negatively affecting customers. If the exchange wants to do right, it should really ensure that every account affected will have their funds reimbursed if stolen. Moreover, it should really consider retraining its employees on how to send a proper corporate email.