BitMEX on User Info Leak: No Data Was Disclosed Beyond Emails

BitMEX, the biggest crypto exchange by trade volume to date, says that no other data except email addresses has been disclosed in a recent email leak.

After the first reports on the accident on Nov. 1, BitMEX released an official statement on the issue Nov. 4, emphasizing that no personal or account information has been disclosed beyond email addresses.

In the post, written by the firm's deputy COO Vivien Khoo, BitMEX confirmed that the recent email leak took place on Nov. 1 and was a result of a failure in the company's internal bulk email service.

BitMEX stressed that they only send mass emails to all users on a rare occasion and only when absolutely necessary, claiming that the exchange has not sent any bulk emails since 2017.

BitMEX elaborated that the BitMEX Indices Update was important enough to be included in a mass email to customers.

"It will impact pricing of all of our products - that we felt it necessary to inform all our users about it," BitMEX explained.

The exchange further admitted that there was a desire to speed up the delivery of emails as BitMEX found out that the initial send request would have taken up to 10 hours to complete.

After the exchange discovered the leak, BitMEX immediately stopped further emails from being sent and initiated a number of measures to mitigate the damage such as forced password resets for all users with balances and without two-factor authentication.

In the post, BitMEX also mentioned hackers taking over the company's Twitter right after the email leak issue on Nov. 1.

The exchange said that the Twitter accident was unrelated to this action, stating that the account was back under BitMEX control within 6 minutes.