Only a couple of months on from Binance’s own customer privacy meltdown, which exposed the personal details of thousands of its customers, leading exchange BitMex is facing a data breach of its own.
The difference? It looks like someone at BitMex itself was responsible, and instead of a malicious actor hacking the system, it’s facing an even worse prospect – incompetent staff.
The scandal unfolded in the early hours of November 1, after a supposedly routine email update was issued to BitMex customers.
However, whoever was in charge of sending the messages looks to have made a rookie mistake.
BitMex acknowledged the breach on its Twitter account:
Instead of entering all of BitMex’s customer emails into the blind carbon copy (BCC) field, whoever sent the message used the carbon copy (CC) field, which meant the email addresses of everyone the message had been sent to were visible to everyone.
Source: Sakura Rice Bird, Twitter
Why does it matter? Well, hackers may be able to extract the emails and – potentially – target the trading accounts of BitMex customers. Anyone affected is recommended to update their password and ensure additional security measures, for example two-factor authentication, are used on their accounts.
You would think an exchange that boasts a daily trade volume close to $3 billion would have measures in place to prevent such a basic error from happening – the damage this has caused to the exchange’s reputation will be immeasurable.
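One such measure, shown as an added example that is not from BitMex or the original article: a pre-send gate that counts the addresses visible in the To and CC headers and blocks a bulk notice that would disclose the mailing list. The sender address, the one-address limit and the function names are assumptions, and the customer addresses are constructed.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed policy for bulk notices: each copy may show at most one address.
MAX_VISIBLE = 1

# Constructed sample data (example.com addresses, not real customers).
CUSTOMERS = ["alice@example.com", "bob@example.com", "carol@example.com"]


def build_notice(to=(), cc=(), bcc=()):
    """Build a constructed 'general user update' message."""
    msg = EmailMessage()
    msg["From"] = "updates@exchange.example"
    msg["Subject"] = "General user update"
    for header, addrs in (("To", to), ("Cc", cc), ("Bcc", bcc)):
        if addrs:
            msg[header] = ", ".join(addrs)
    msg.set_content("Constructed notice body.")
    return msg


def visible_recipients(msg):
    """Distinct addresses every recipient can read: the To and Cc headers.

    Bcc is excluded: smtplib's send_message() drops that header before
    transmission, so those addresses are not shown to other recipients.
    """
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return sorted({addr.lower() for _, addr in getaddresses(fields) if addr})


def safe_to_send(msg, limit=MAX_VISIBLE):
    """Pre-send gate: refuse any message that discloses the mailing list."""
    return len(visible_recipients(msg)) <= limit


def per_recipient_copies(template, recipients):
    """One copy per customer, so no header ever carries the whole list."""
    for rcpt in recipients:
        copy = EmailMessage()
        copy["From"] = template["From"]
        copy["To"] = rcpt
        copy["Subject"] = template["Subject"]
        copy.set_content(template.get_content())
        yield copy
```

Calling `safe_to_send()` in the mailing pipeline before handing the message to the SMTP client turns a CC/BCC slip into a rejected job rather than a disclosure.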
In an update on its blog, BitMex wrote:
“We are aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users.
“Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.
“The privacy of our users is a top priority and we are very sorry for the concern this has caused to our users.”
But it could be too little too late for the exchange, with social media on fire with people lining up to slam such a blatant security breach.
Popular trader Crypto Loomdart posted to his 100k followers: “looks like bitmex just fucked up big time.”
Looks like BitMex is going to need to work extra hard to win back its customers’ trust.