Today, November 4, the BitMEX derivatives trading platform released an update regarding the data leak that took place on Friday, November 1.
BitMEX reports on its own blog that the situation with the e-mail happened due to a bug in its own development for bulk mailing of users about changes in settlement indices. The tool optimizes the sending of mails of 1000 ones. At the same time, the system did not pass the customary testing.
As BitMEX notes:
“BitMEX has not sent an email to every customer at once since 2017, and much has changed since then.”
At the same time, the statement says that the scale could be larger. However, the team has reacted in time and canceled the sends. At risk are all those who got a mail that contains the information on indices dated November 1 with the presence of multiple e-mail addresses in the “To:” line. If only your e-mail is indicated there, anything is in order.
The derivatives platform assured users that its team had already assumed measures to solve the problem, which, as it turned out later, was caused by a software glitch. BitMEX claims that the glitch affected only the email addresses of users and no other personal data was affected.
Twitter users note that a similar data leak was recently committed by the Kraken crypto exchange. However, the leak was ignored because of its sends was not mass.
Recall, on Friday, BitMEX cryptocurrency exchange leaked personal data of users. During the bulk mail sends the email addresses of a number of exchange customers were disclosed.
The newsletter was created in order to warn customers about the modification in the percentage of data from a number of websites in the BitMEX indices. The new modification will enter into force on November 22. The modifications are related to the addition in the indices of Huobi, Gemini and Itbit crypto exchanges.
As Compound Finance’s chief legal adviser Jake Chervinsky remarked such a gross violation of privacy is the first thing an exchange needs to be investigated by the Commodity Futures Trading Commission (CFTC).
Really? I didn't see that. I mean, this kind of thing is a *massive* privacy breach with potentially serious consequences — the last thing a derivatives exchange needs to deal with during a CFTC investigation. This can't possibly be intentional.
— Jake Chervinsky (@jchervinsky) November 1, 2019
Recall that in July, it was reported that CFTC investigators find out if BitMEX violated the law by allowing US citizens to trade on an unregistered platform. There was no official confirmation of the investigation.
Taking this opportunity, the BitMEX competitor – Binance Exchange – warned its customers that if they are registered on BitMEX under the same email addresses, they should immediately change them.
Use a unique email address and unique password for each exchange. Use a password manager to remember the strong passwords for you. https://t.co/hWjDldPRLN
— CZ Binance (@cz_binance) November 1, 2019
In turn, the head of Binance Changpeng Zhao recommended users to manage unique email addresses and passwords for each cryptocurrency exchange.