It’s safe to say that last Friday was a rather bad one for BitMEX, the most popular Bitcoin margin trading exchange. While sending an update letter, the company made a tiny mistake that ended up disclosing the email addresses of a lot of users. However, the cryptocurrency exchange has just clarified that absolutely nothing but those email addresses was leaked and that it has taken the necessary measures to avoid similar accidents in the future.
BitMEX Confirms Only Emails Were Leaked
Last Friday, as Cryptopotato reported, BitMEX went through a lot of turmoil. The company made a small mistake which led to the unintentional leakage of the email addresses of some of its users. Even though some community members were concerned, the popular Bitcoin margin trading exchange has just shared additional information, putting all doubts to bed.
First off, the exchange outlined that it is in touch with affected users to make sure that all the proper processes are being followed. It also clarified what happened.
Apparently, the email which informed users about an index change back on November 1st contained the email addresses of other users in the “To:” field. In other words, anyone who received the email could also see the other recipients of the same message.
To deal with email delivery, BitMEX has created an in-house system that is supposed to handle all the rendering, translation, and staging involved. Unfortunately, the tool which handles the sending created a concatenated “To:” field.
“…the tool was quickly rewritten to send single SendGrid API calls in batches of 1,000 addresses. Unfortunately, due to the time constraints, this was not put through our normal QA process. It was not immediately understood that the API call would create a literal concatenated “To:” field, leaking customer email addresses. As soon as we became aware, we immediately prevented further emails from being sent and have addressed the root cause. Since then we have been aiding all who have been affected as best we can and mitigating the damage to contain the leak.”
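The failure mode described in the statement can be shown with request payloads alone. The following is an added example, not BitMEX's code: it assumes the JSON shape of SendGrid's v3 Mail Send API, where all addresses inside one "personalizations" entry share a visible "To:" header, and it uses constructed addresses and hypothetical function names.

```python
# Added example: payload shapes follow SendGrid's v3 Mail Send JSON (assumed API
# version); addresses and sender are constructed. Nothing is sent over the network.
BATCH_SIZE = 1000  # batch size quoted in the statement

def batches(addresses, size=BATCH_SIZE):
    """Split the recipient list into batches of at most `size` addresses."""
    for i in range(0, len(addresses), size):
        yield addresses[i:i + size]

def _base(subject, body, sender):
    return {"from": {"email": sender}, "subject": subject,
            "content": [{"type": "text/plain", "value": body}]}

def leaky_payload(batch, subject, body, sender):
    """One personalization holding the whole batch: every recipient gets the
    same message with all batch addresses in its To: header."""
    p = _base(subject, body, sender)
    p["personalizations"] = [{"to": [{"email": a} for a in batch]}]
    return p

def isolated_payload(batch, subject, body, sender):
    """One personalization per recipient: still one API call per batch, but
    each message carries only its own address."""
    p = _base(subject, body, sender)
    p["personalizations"] = [{"to": [{"email": a}]} for a in batch]
    return p

def exposed_recipients(payload):
    """Pre-send gate: return addresses that would be visible to another
    recipient. to and cc are visible headers; bcc is not, so it is ignored."""
    exposed = []
    for pers in payload.get("personalizations", []):
        visible = [r["email"] for key in ("to", "cc") for r in pers.get(key, [])]
        if len(visible) > 1:
            exposed.extend(visible)
    return exposed

def safe_to_send(payload):
    return not exposed_recipients(payload)

if __name__ == "__main__":
    users = [f"user{i}@example.com" for i in range(2500)]  # constructed sample
    for make in (leaky_payload, isolated_payload):
        for batch in batches(users):
            payload = make(batch, "Index change", "Notice", "noreply@example.com")
            print(make.__name__, len(batch), "exposed:",
                  len(exposed_recipients(payload)))
```

A check like `safe_to_send` can run in the sending tool or in a test suite, so a rewritten sender that skips manual QA still cannot submit a payload that shares addresses between recipients.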
Most Users Affected
The official statement says that “most users” were affected by the above action. In other words, if you’ve received the email for the index change on November 1st, your address has been exposed. The statement, however, also says that even if you haven’t received it, you might still have been affected.
Reportedly, the employees of BitMEX are working very hard to reduce the risk for users. There have been several account password resets, as well as human reviews with the Support team of the exchange, among other actions.
Nevertheless, the exchange also shared that absolutely no other information besides email addresses has been revealed. They also advise users to be particularly careful when it comes to phishing attempts and to make sure that they have their two-factor authentication turned on at all times.