- The largest cryptocurrency exchange by volume, BitMEX Exchange Exposed its User Base in Email Mishap reported on 1st November.
- BitMEX Exchange in their recent blog post assured users that only Email data is leaked, no other personal information is exposed.
In the recent company Blog Post, BitMEX told a privacy breach had occurred exposing thousands of client’s email which put the risk of privacy. BitMEX is a peer to peer cryptocurrency exchange providing contracts with credit support. It came into existence in 2014 by its creator Arthur Hayes. BitMEX only accepts exchanges through Bitcoin, the website is available in five different languages.
BitMEXs’ internal processes deliberately failed last week which paved the path to exposing thousands of the exchange’s clients to privacy risk. The email addresses were exposed publicly through Carbon Copy on November 1st.
As per data by Skew, BitMEX has daily users close to about 220,000 but there is an estimation that the number of emails under the risk of a breach is more than that of the users. To tackle this problem the company has built an in-house system to handle the necessary rendering, translation, staging, and piecemeal sending of important email.
“BitMEX is a global business that sends emails to many different email providers,”
“Unfortunately, this makes the job of large services such as BitMEX difficult at times.”
-said deputy chief operating officer Vivien Khoo in the blog.
The exchange sends an email on rare occasions as one such occurred in the year 2017 as large shipping, to counter the process the systems in the exchange change the API keys in the last minute but didn’t go through the typical checking process. The exchange reported that it stopped further groups of emails being sent out upon foreseeing the issue.
Password resets were put forth as soon as they heard about the breach and human review on endangered accounts. All BitMEX users not having two-factor authentication (2FA) and also possessing account balances had passwords reset options after the exchange observed hostile attempts to access accounts.
“Beyond email addresses, at no point during this issue has any personal data or account information been disclosed.”
Said Vivien Khoo.