Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Technology » BitMEX Exposes User Emails In Data Leak; Twitter Hack Follows

BitMEX Exposes User Emails In Data Leak; Twitter Hack Follows

by

Or is it just one disgruntled employee?

Bitmex user emails were leaked

Share this article

BitMEX has experienced a data leak, but not in the way you might expect. In a major misstep, the company accidentally shared user email addresses with its customers.

On November 1st, the exchange issued a statement: “Earlier today, some of our users received an email which contained the email addresses of other users in the ‘to’ field.”

Though BitMEX has blamed the leak on a “software issue,” human error may be involved. Most likely, an employee misused the email software’s “carbon copy” field.

What’s The Risk?

Email addresses alone cannot be used to access BitMEX accounts. However, attackers could gather passwords and recovery info by phishing users or searching the dark web.

Larry Cermak of TheBlock predicts that this will be one outcome of the data leak: “Get ready for constant phishing attempts and emails from competitors,” he writes.

In addition to the risk of phishing, he added that user identities could be revealed. “I’d say more than 50% of emails are trivially easy to doxx,” he posted on Twitter.

The risk is not isolated to BitMEX, since many people use one email address for multiple sites. Binance and OKEx have suggested users update their security settings as well.

An Aftershock On Twitter

Shortly after the data leak, BitMEX’s Twitter account was commandeered. The first tweet simply read “hacked,” and the next warned users to “take [their] BTC and run.”

Naturally, the company deleted these tweets and attempted to ease concerns, mentioning “trolls” without explicitly noting that their account was hacked:

Some have speculated that the “hack” was in fact a rogue warning from an internal employee, not an external attack, though this has not been confirmed.

Data Leaks All Too Common

BitMEX is not the only exchange to leak user data. Coinmama and QuickBit, for example, have also experienced user data leaks over the past year.

Though those leaks revealed more data, BitMEX caused its own data leak through a simple mistake—a level of carelessness that is not likely to reflect well on it.

Of course, mistakes are commonplace. One report finds that 60% of data breaches are due to human error, and that 18% of those are due to carbon copy errors.

Other investigations have found that exchange security is especially poor. In any case, it pays to keep on top of the best practices for crypto security.

Can BitMEX Overcome Its Troubled Past?

BitMEX has attracted controversy prior to today’s incident. In particular, it has garnered criticism around its regulatory compliance and user data policies in the past.

The fallout of today’s data leak remains to be seen. Perhaps it won’t be disastrous: BitMEX also observed malicious login attempts in June, which passed without incident.

Despite controversies, BitMEX remains popular. It is just one of a few exchanges that offers crypto futures trading, which makes it something of a mainstay for investors.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.