The cryptocurrency industry remains unregulated, with questionable security and a number of hacks in its past. With that in mind, it is crucial for all participants to do whatever they can to increase safety while working with unregulated, but still very much real money.
This is why BitMEX’s recent accident in which the crypto derivatives trading platform revealed numerous personal emails of its users is considered a major data leak. In a recently published statement, the company admitted that it accidentally revealed its users’ personal emails dut to failure to apply blind carbon copy (BCC).
The email reveals happened earlier today when some of the users received a general user update notification, which contained the address of all other users who received the same update. BitMEX also posted an update, stating that it is aware of the issue and that it already managed to identify the root cause of the problem.
We are aware of an email privacy issue impacting our customers. We have identified the root cause and will be in touch with any users affected by the issue. See our blog for details: https://t.co/FNp2Fdyxdn
— BitMEX (@BitMEXdotcom) November 1, 2019
The company also stated that its security team had acted immediately and that it managed to contain the issue. At the moment, it is taking all the necessary steps to understand the impact’s extent, and it will stay in touch with any and all affected users.
Meanwhile, the crypto community on Twitter picked up on the problem itself, announcing that BitMEX revealed the users’ email in a ‘most outrageously incompetent way imaginable.’
BitMEX just doxxed its users in the most outrageously incompetent way imaginable: forgetting to use blind copy on mass email. Someone must be cleaning out their desk already. https://t.co/KmARzImxnk
— Jake Chervinsky (@jchervinsky) November 1, 2019
Even other exchanges, including Binance and OKEx, tweeted about the incident.
If you are affected and have an OKEx account with the same email login, we recommend that you change your email for security reasons. Email change requests will be prioritized during this time.
— OKEx (@OKEx) November 1, 2019
They did not name BitMEX specifically out of concerns for its users, and they advised all of their own users who might also be BitMEX customers to change their emails immediately.
⚠️We are aware of a large-scale user email leak from another exchange.⚠️
If you are one of the affected users and you also have a Binance account under the same email address, we recommend changing your email immediately using the below steps:https://t.co/sgEr5sqleg
— Binance (@binance) November 1, 2019
The incident serves as yet another example of how mistakes do tend to happen, and that security is far from what it could (and should) be in the crypto industry.