BitMEX Discloses Why User Emails Were Leaked
The BitMEX crypto exchange explained how the recent email leakage happened and assured users that no other data was leaked.
Last Friday, thousands of email addresses belonging to BitMEX users were accidentally exposed in the “To” field of a mass email.
The issue quickly drew a response on social media and was heavily debated by crypto users on Twitter. The Binance exchange also released a step-by-step guide showing users with accounts on both BitMEX and Binance how to change their Binance emails to prevent hacks to their respective accounts.
Now that the problem has died down, BitMEX has explained on its blog why the emails were made public, while also providing advice to those who were affected by the accidental exposure.
“We would like to apologise unreservedly for the concern this has caused. Below contains further information about what happened, how we can assist you and some steps that you can take to improve your protection,” the post reads.
On Friday, November 1, BitMEX issued an index change that would affect the pricing of all the exchange’s supported cryptos. While sending the mass email about the index change, the BitMEX team ran into technical problems, as the email had to be sent on a global scale.
“BitMEX is a global business that sends emails to many different email providers. Email deliverability itself is a multi-layered problem, involving decades of work in building sender reputation systems and automatic spam filters. Unfortunately, this makes the job of large services such as BitMEX difficult at times: we only send mass emails to all users on rare occasions.”
To facilitate the sending of mass emails, BitMEX developed a proprietary system that could deliver thousands of emails faster.
“BitMEX has not sent an email to every customer at once since 2017, and much has changed since then. When we initiated the send, it became clear that it would take upwards of 10 hours to complete, and there was a desire on the team to ensure users received the same material information on a more reasonable timescale.”
The tool was rewritten to speed up delivery by sending to a batch of 1,000 addresses at a time.
“Unfortunately, due to the time constraints, this was not put through our normal QA process. It was not immediately understood that the API call would create a literal concatenated “To:” field, leaking customer email addresses. As soon as we became aware, we immediately prevented further emails from being sent and have addressed the root cause. Since then we have been aiding all who have been affected as best we can and mitigating the damage to contain the leak.”
BitMEX assured users that no data other than the email addresses was leaked in the process.
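The failure mode described in the post, a batch of addresses concatenated into one “To:” header, can be caught by a pre-send gate that counts the addresses visible in each message. The Python below is an added example, not BitMEX's code; the sender address, the function names and the sample addresses are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

SENDER = "notices@exchange.example"  # constructed placeholder address


def build_concatenated(batch, subject, body):
    """Failure mode: one message whose To: header lists the whole batch."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = ", ".join(batch)  # every recipient can read every address
    msg["Subject"] = subject
    msg.set_content(body)
    return [msg]


def build_individual(batch, subject, body):
    """One message per recipient; batching belongs at the connection level."""
    messages = []
    for rcpt in batch:
        msg = EmailMessage()
        msg["From"] = SENDER
        msg["To"] = rcpt
        msg["Subject"] = subject
        msg.set_content(body)
        messages.append(msg)
    return messages


def visible_recipients(msg):
    """Addresses any recipient can read in the To: and Cc: headers."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr for _name, addr in getaddresses(headers) if addr]


def preflight(messages, max_visible=1):
    """Pre-send gate: refuse any message exposing more than max_visible addresses."""
    for msg in messages:
        seen = visible_recipients(msg)
        if len(seen) > max_visible:
            raise ValueError(f"To/Cc exposes {len(seen)} addresses; refusing to send")
    return len(messages)


# Constructed sample batch of 1,000 addresses, matching the batch size in the article.
BATCH = [f"user{i}@mail.example" for i in range(1000)]
```

Running `preflight` on the output of `build_concatenated(BATCH, ...)` raises `ValueError`, while the output of `build_individual(BATCH, ...)` passes; a gate like this can run in a test suite or in the send path itself.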