Bad Halloween: BitMEX Data Leak

While the large cryptocurrency exchange BitMEX faced a data breach today, another trading platform, Deribit, had a glitch that cost the company at least $1.3 million. (Updated at 13:43 UTC: updates throughout the first part of the text.)

On Friday, BitMEX sent out a mass email about an update to its indexes, but instead of using the BCC option, which would hide the email addresses of the recipients, the company used the CC option.

This means that anyone who received the email can see the email addresses of the other recipients. This is a problem, as these addresses will not only end up in one million and one spam lists, but can also be used by hackers and scammers. Since hackers now potentially know which email addresses are being used to log into the exchange, this could lead to a serious disaster.

BitMEX confirmed that “some” of their users received an email with the email addresses of other users in the “to” field: “This was the result of a software bug that has now been fixed.”

The company claims that, apart from email addresses, no other personal data or account information was disclosed and no further emails were sent.

"The bug that led to this has been identified and fixed, ensuring that our usual high privacy standards are met," they said, promising to introduce "additional features to further protect our users."

The company also issued a security guide for its users:

  • “Pay attention to phishing attempts. Emails from BitMEX are sent from "[email protected]" and "[email protected]". Add these email addresses to your contact list to keep these emails out of your spam folder. BitMEX will never ask you for your password.
  • BitMEX will never ask you to transfer funds. The only way to fund your BitMEX account is to send bitcoins to your unique BitMEX deposit address. Your unique BitMEX deposit address begins with "3BMEX" or "3BitMEX" and can be found on the deposit page of your BitMEX account.
  • Please pay attention to our official BitMEX communication channels ... These are our main official social media channels, and only the instructions provided by these methods should be followed.
  • We would like to remind all our users to protect their accounts using strong and unique passwords; enable two-factor authentication (2FA) for all your accounts (both BitMEX and personal); and use a password manager. Further instructions and tips can be found here.”

Meanwhile, other exchanges such as Binance and Bitfinex are also warning their users to change the email address on their accounts if they are on the CC list of the sent email and have an account under the same address. It is usually a good idea for users to do this for all other exchanges too.

“Use a unique email address and a unique password for each exchange. Use a password manager to remember strong passwords for you,” added Changpeng Zhao, CEO of Binance.
