SECURITY
Cryptocurrency exchange BitMEX has exposed the email addresses of 23,000 customers by sending out an email with the recipients' addresses in the cc: field.
The email addresses were exposed when the exchange sent out its weekly newsletter, immediately causing concern among its users given that the emails could be targeted by malicious actors.
BitMEX confirmed the data breach, saying in a statement Friday that it was aware that some of its users have received a general user update email that contained the email addresses of other users.
“Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact,” the statement adds. “Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.”
The exposure of the emails opens up anyone on the list to spam, phishing attempts and, although it didn’t include passwords, attempts to obtain access to their accounts.
The use of common passwords is one obvious door to access. Hackers can match email addresses leaked by BitMEX against lists of previously hacked credentials, then attempt to use the passwords they identify to gain access to BitMEX accounts.
Phishing attempts are a real risk given that the BitMEX leak confirms that the email addresses belong to BitMEX users.
The timing isn’t great for BitMEX. It’s under investigation by the U.S. Commodity Futures Trading Commission for providing services to U.S. citizens while not licensed to do so. According to Larry Cermak, director of research at The Block, some of the leaked emails include those from the U.S.
UPDATE: I now have access to 23,000 emails that were leaked by BitMEX. Surprisingly, there is only one person that used a .gov email. There were 66 students/alumni that used .edu email. NYU dominates (7 people), followed by Berkeley, and University of Michigan. https://t.co/vmcyVz5Uqe
— Larry Cermak (@lawmaster) November 2, 2019
Dovey Wan, the co-founder of Primitive Crypto, noted that it may expose those on the list to attention from the U.S. Internal Revenue Service as well.
gonna be an interesting “Ashley Madison” like case for the Bitmex email leaks ..
Anybody using .gov email or .edu email? 👀👀👀 and nice source of tax collection pointer for IRS too if they do a quick scan
— Dovey 以德服人 Wan 🗝 🦖 (@DoveyWan) November 1, 2019
There is very little users can do other than to make sure they’re not using the same password across multiple sites, starting with BitMEX itself.
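The fault described at the top of this article, a bulk mailing that carried its recipient list in a visible cc: header, is one a pre-send check can block. The Python below is an added example, not BitMEX's code: it builds one message per recipient and refuses any message whose To:/Cc: headers show more than that recipient. The function names, the one-visible-recipient policy and the example.com addresses are assumptions.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample list; example.com / example.org are placeholder domains.
USERS = ["alice@example.com", "bob@example.org", "carol@example.com"]


class RecipientExposure(Exception):
    """Raised when a bulk message would reveal other recipients' addresses."""


def visible_recipients(msg):
    """Return every address a reader can see in the To: and Cc: headers."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr.lower() for _name, addr in getaddresses(headers) if addr]


def build_bulk_messages(sender, subject, body, recipients):
    """Build (envelope_recipient, message) pairs, one message per recipient.

    The envelope address is what goes to SMTP RCPT TO; it is kept apart from
    the headers, so no copy needs to list anyone but its own reader.
    """
    batch = []
    for rcpt in recipients:
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = rcpt
        msg["Subject"] = subject
        msg.set_content(body)
        batch.append((rcpt, msg))
    return batch


def assert_safe_to_send(envelope_rcpt, msg):
    """Pre-send guard (assumed policy: at most one visible recipient)."""
    seen = visible_recipients(msg)
    if len(seen) > 1:
        raise RecipientExposure(f"{len(seen)} addresses visible in To/Cc")
    if seen and seen[0] != envelope_rcpt.lower():
        raise RecipientExposure("header recipient differs from envelope")
    return True


def leaky_message():
    """The failure mode from the article: the whole list in a Cc: header."""
    msg = EmailMessage()
    msg["From"] = msg["To"] = "newsletter@example.com"
    msg["Cc"] = ", ".join(USERS)
    msg["Subject"] = "Weekly update"
    msg.set_content("Hello")
    return msg
```

Calling `assert_safe_to_send` on every message immediately before it is handed to the mail server turns a templating or list-handling mistake into a failed send instead of a disclosure.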