BitMEX Exchange Exposes User Base in Email Mishap

If you have an account with crypto derivatives exchange BitMEX, there’s never been a better time to update your security preferences.

On Friday at 08:00 UTC, BitMEX alerted its clientele via blog and Twitter that it had accidentally revealed many of its user’s email addresses in the CC: field.

The unfortunate email also opens users up to targeted phishing attacks, as  anyone obtaining the email has a portion of what’s needed to access the account login.

BitMEX has now asked customers to add BitMEX’s support email to their contact lists to decrease phishing emails along with adding 2-factor authentication (2FA). The exchange appeared to suggest a bug caused the incident, saying on the company blog: “The error which has caused this has been identified and fixed.”

“We are aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users,” they said on the blog. “Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact.”

In a statement to CoinDesk, BitMEX Deputy COO Vivien Khoo said:

Earlier today, the majority of our users received an email containing the email addresses of other users in the ‘to’ field. This was a general email update about upcoming changes to the weighting of our indices.

We are deeply sorry for the concern this has caused to our users. The issue was caused by an error in the software used to send emails. As soon as we were made aware of the issue, we immediately prevented further emails from being sent and have since addressed the issue to ensure this does not happen again.

BitMEX takes the privacy and security of our users very seriously. We are working around the clock to establish communication with all our users to provide any assistance and to ensure the continued safety of their account.

Beyond email addresses, at no point during this issue has any personal data or…

Source Link