{"id":19016,"date":"2019-11-01T18:57:35","date_gmt":"2019-11-01T18:57:35","guid":{"rendered":"http:\/\/ci027cfe79900026c3"},"modified":"2019-11-01T18:57:35","modified_gmt":"2019-11-01T18:57:35","slug":"bitmex-compromises-user-data-in-email-gaffe","status":"publish","type":"post","link":"https:\/\/bitcoinmagazine.com\/culture\/bitmex-compromises-user-data-in-email-gaffe","title":{"rendered":"BitMEX Compromises User Data in Email Gaffe"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><figure><img decoding=\"async\" src=\"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/bitmex-compromises-user-data-in-email-gaffe.png\" title=\"\"><\/figure>\n<p>Early in the day on November 1, 2019, cryptocurrency exchange BitMEX sent a mass email to a large swath of its user base and included their email addresses in the \u201cTo\u201d field, thereby compromising their privacy.<\/p>\n<p>A screenshot of the email shared on <a href=\"https:\/\/twitter.com\/sakuraricebird\/status\/1190167326898806784\" target=\"_blank\" rel=\"noopener\">Twitter<\/a> showed dozens of email addresses visible in an email from BitMEX. The exchange has indicated that the email was a general user update.<\/p>\n<p>\u201cWe are aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users,\u201d the exchange wrote in a <a href=\"https:\/\/blog.bitmex.com\/statement-on-email-privacy-issue-impacting-our-users\/\" target=\"_blank\" rel=\"noopener\">statement<\/a> on its blog. \u201cRest assured we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.\u201d<\/p>\n<p>Vivien Khoo, deputy COO of BitMex, explained to <a href=\"https:\/\/www.theblockcrypto.com\/post\/45487\/bitmex-exposes-some-users-email-ids-to-other-users-affecting-their-privacy\" target=\"_blank\" rel=\"noopener\"><em>The Block<\/em><\/a> that the email was sent to \u201cthe majority\u201d of the exchange\u2019s users and traced the cause to \u201can error in the software script used to send the emails.\u201d<\/p>\n<p>But in a similar event that may suggest a larger issue, it appeared that BitMEX\u2019s Twitter account was compromised around the same time that the email was sent. BitMEX\u2019s official Twitter account posted \u201cTake your BTC and run. Last day for withdrawals,\u201d according to an <a href=\"https:\/\/archive.md\/UF3Qp\" target=\"_blank\" rel=\"noopener\">archived tweet<\/a> that has since been deleted.<\/p>\n<p>Shortly afterward, the account tweeted a message meant to reassure users that their funds were safe, blaming \u201ctrolls\u201d for the confusion.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">We would like to reassure our users that while the trolls may target our Twitter account, you may rest assured that all funds are safe.<\/p>\n<p>&mdash; BitMEX (@BitMEX) <a href=\"https:\/\/twitter.com\/BitMEX\/status\/1190267001714835456?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">November 1, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h2><strong>Are BitMEX Users Vulnerable?<\/strong><\/h2>\n<p>As many respondents have <a href=\"https:\/\/twitter.com\/Crypto_Horsey\/status\/1190267543333801986\" target=\"_blank\" rel=\"noopener\">pointed out<\/a>, trusting the exchange with user security at this point is difficult.<\/p>\n<p>While no funds seem to have been lost at the time of publication, users affected by the email leak are now potentially vulnerable to phishing attacks, email hacks (especially for those who have weak passwords) and malware.&nbsp;<\/p>\n<p>Also, email addresses may be cross-referenced with other data dumps that have occurred in the past, giving hackers easier access to several platforms and services tied to those email addresses.&nbsp;<\/p>\n<p>Fellow cryptocurrency exchange Binance tweeted about the leak, recommending that any of its compromised customers who use the same email account on Binance change it immediately.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\u26a0\ufe0fWe are aware of a large-scale user email leak from another exchange.\u26a0\ufe0f<\/p>\n<p>If you are one of the affected users and you also have a Binance account under the same email address, we recommend changing your email immediately using the below steps:<a href=\"https:\/\/t.co\/sgEr5sqleg\">https:\/\/t.co\/sgEr5sqleg<\/a><\/p>\n<p>&mdash; Binance (@binance) <a href=\"https:\/\/twitter.com\/binance\/status\/1190176334837735425?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener\">November 1, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By inadvertently including the majority of its users\u2019 emails in an update email, cryptocurrency exchange BitMEX has compromised their privacy.<\/p>\n","protected":false},"author":3435,"featured_media":19017,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[1536],"class_list":{"0":"post-19016","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-culture","8":"tag-bitmex"},"author_data":{"id":3435,"name":"Jimmy Aki","nicename":"jimmy-aki","avatar_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/12\/jimmy-aki-promo-image-96x96.jpg"},"featured_image_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/bitmex-compromises-user-data-in-email-gaffe.png","_links":{"self":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/19016","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/users\/3435"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/comments?post=19016"}],"version-history":[{"count":0,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/19016\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media\/19017"}],"wp:attachment":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media?parent=19016"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/categories?post=19016"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/tags?post=19016"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}