Cryptocurrency exchange BitMEX has inadvertently doxed its users after someone at the company forgot to use blind copy (bcc) on a mass email, revealing, and potentially compromising, users‘ email addresses.
“We are aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users,” a statement issued by the company reads.
“Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue,” it continues, “The privacy of our users is a top priority and we are very sorry for the concern this has caused to our users.”
As you can probably imagine, the incident didn’t go unnoticed, with many cryptocurrency enthusiasts discussing the news on Twitter.
BitMEX just doxxed its users in the most outrageously incompetent way imaginable: forgetting to use blind copy on mass email. Someone must be cleaning out their desk already. https://t.co/KmARzImxnk
— Jake Chervinsky (@jchervinsky) November 1, 2019
BitMEX just doxx’d thousands of their customers by sending a mass email and not adding recipients to BCC. Good luck recovering from a fuck up of this magnitude https://t.co/S71CsEJcHv
— Larry Cermak 🦁 (@lawmaster) November 1, 2019
Although it was BitMEX that made the mistake, the blunder could have wide-ranging implications for all industry services, as users are now potentially vulnerable to hackers who could easily exploit the information to swindle their cryptocurrency holdings.
It’s advisable that users change their email addresses, not only on BitMEX, but everywhere else.
How this happened is beyond me, because email clients should protect against this kind of blunder, but changing your email address wouldn’t go amiss.