BitMEX Says Quality Check ‘Failure’ Led to Email Privacy Breach
BitMEX says its internal processes âfailedâ last week, subsequently exposing thousands of the exchangeâs clients to privacy risks.
In a company blog posting on Monday, the crypto-derivatives exchange said its mass emailing operation failed causing âmost BitMEX usersâ to have their email addresses publicly exposed via carbon copy (CC) on Nov. 1.
Data provider Skew says BitMEX has some 22,000 daily users, though the number of email addresses exposed is likely significantly higher.
With major email servers imposing restrictions on bulk emailing, the firm said:
âTo remedy this, we built an in-house system to handle the necessary rendering, translation, staging, and piecemeal (as not to trigger rate limits) sending of important email.â
The exchange said it sends emails to all users very rarely, the last one of this size shipping in 2017. To expedite the process, the exchangeâs email systems API was changed at the last minute, but did not undergo the typical checking process.
âBitMEX is a global business that sends emails to many different email providers,â said deputy chief operating officer Vivien Khoo in the blog posting. âUnfortunately, this makes the job of large services such as BitMEX difficult at times.â
The exchange says it stopped further batches of emails being sent out upon recognition of the issue.
In response to the leak, BitMEX says they employed password resets and human review on endangered accounts. All users lacking two-factor authentication (2FA) and also holding account balances had passwords reset after the exchange noted hostile attempts to access accounts.
In an email to CoinDesk last Friday, Khoo reiterated that no other personal information was divulged.
âBeyond email addresses, at no point during this issue has any personal data or account information been disclosed.â
BitMEX CEO Arthur Hayes image via BitMEX
- Binance Exchange Is First Client for Paxos’ New Dollar Gateway
- Bithumb Global Launches Native Token for Exchange Ecosystem
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.