Bitmex snet an email with CC to own customers. Hundreds emails exposed.

audaciousbeing

hero member

Activity: 1330

Merit: 569

Quote from: s1lverbox on November 01, 2019, 05:24:51 AM

Be careful out there.

Bitmex sent email exposing all email accounts by cc.

More here:
https://twitter.com/cryptochangex/status/1190208624209125376?s=19

If using bitmex change your password and remove funds.

This is one error that should not have happened under any guise but yes it has happened. The only thing people need to worry about is be more care when they receive mail from Bitmex and try to double check and confirm before acting on such mail and at the same time be weary of mails promising some unimaginable returns without taking time to understand why you are receiving such message in the myriad of people that could be interested in such "opportunity".

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: GreatArkansas on November 01, 2019, 11:07:51 PM

There was an e-mail sent to my email yesterday regarding of this issue.
The title of the e-mail is Statement on the Email Privacy Issue Impacting Our Users.

.
The e-mail was sent has content about the the recent issue of bitmex which was the email addresses exposed.
There was also instruction how we can be safe of this issue like it was stated and much suggested to create a new account with new email address, setting up 2FA, etc.

I also got curious when they give some link to their website especially to the register page, there is a referral link embedded to the e-mail was sent. That's why I started to think it this e-mail is not legit

Thank you for having reported it here. For the beginners, be careful domain names like "@bitmex-explained.com" etc aren't legit, the only true one is "@bitmex.com"

GreatArkansas

legendary

Activity: 2506

Merit: 1394

There was an e-mail sent to my email yesterday regarding of this issue.
The title of the e-mail is Statement on the Email Privacy Issue Impacting Our Users.

.
The e-mail was sent has content about the the recent issue of bitmex which was the email addresses exposed.
There was also instruction how we can be safe of this issue like it was stated and much suggested to create a new account with new email address, setting up 2FA, etc.

I also got curious when they give some link to their website especially to the register page, there is a referral link embedded to the e-mail was sent. That's why I started to think it this e-mail is not legit

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Quote from: figmentofmyass on November 01, 2019, 05:28:37 PM

i assume somebody's getting fired over this. it's a pretty unbelievable level of incompetence.

Twitter rumours(so obviously take it with a huge grain of salt) has it that the person responsible for this did get fired. I'm not surprised because this sure is a very amateur mistake for such a wealthy service as BitMEX. Like what the heck, they sent their emails carelessly in a way that even email spammers actually did it better.

nreal

full member

Activity: 932

Merit: 100

arcs-chain.com

It is unbelievable that a large exchange like Bitmex is so weak in terms of security, Previously Binance with hacked millions of dollars and exposed user information. I wonder, do those exchanges really put security first?

cryptothreads

hero member

Activity: 1274

Merit: 500

Quote from: hello_good_sir on November 01, 2019, 04:10:43 PM

Quote from: mk4 on November 01, 2019, 06:01:33 AM

Quote from: s1lverbox on November 01, 2019, 05:24:51 AM

If using bitmex change your password and remove funds.

More like change your emails. Passwords aren't leaked so don't worry, funds are safe. But sure changing password also helps, just to be sure.

But anyway, this is a perfect example of why you should use separate email accounts for your individual exchange accounts. Expect to see the leaked email accounts to be receiving a good number of spam and scam emails.

If Bitmex was stupid enough to leak their entire client base of emails via a rookie mistake, I'm not sure they are going to be taking their customer security and privacy very well.

I'd update your password and add 2fa just in case, especially if you have funds in the wallet - 2 minute of effort could save you a lot of money in the future.

Anyway, enjoy the new crypto spam emails guys, I have no doubt that these emails are going to be added to a new database and marketed as crypto investors.

I think these emails have been made public and will put a lot of risk to investors because every day there will be hundreds of projects sending us emails and that's really annoying. I am also a victim in this exchange and hope that Bitmex can allow users to change emails because I do not want to receive spam. Currently, other exchanges such as Okex also allow users to change email if their account is related to Bitmex.

In my opinion this will be an issue that will be mentioned a lot and Bitmex deserves complaints from investors because Bitmex makes us no longer safe.

figmentofmyass

legendary

Activity: 1652

Merit: 1483

Quote from: LeGaulois on November 01, 2019, 04:45:05 PM

Because someone knows your email it doesn't mean he can use it. Not even need to change your password if you're not dumb enough to use the same password everywhere...

over 80% of people reuse passwords. and most people use passwords that are broken fairly easily too. getting an email list like this is half the battle for hackers.

Quote from: ChrisPop on November 01, 2019, 06:04:00 AM

Another proof of unprofessionalism from Bitmex. I think Arthur is trying to destroy his business and leave a bad reputation. I mean come on.. everybody knows that you need to triple check before sending a mass email, especially someone who is working on the marketing/customer service department.

i assume somebody's getting fired over this. it's a pretty unbelievable level of incompetence.

Oilacris

hero member

Activity: 2996

Merit: 609

Quote from: LeGaulois on November 01, 2019, 04:45:05 PM

while Bitmex is learning how to use their email software correctly... Cheesy

Nah, a common thing where services do see their own fault and then they do learn from it but on the other side their reputation been tarnished.

This might not really be too big but a leak is always a leak and does do pertain on security matters.Hesitations is already there.

LeGaulois

copper member

Activity: 2940

Merit: 4101

Top Crypto Casino

Because someone knows your email it doesn't mean he can use it. Not even need to change your password if you're not dumb enough to use the same password everywhere... Just be ready to receive a dozen spams daily now. Another reason why to create an email only for exchange platforms
By the way, while Bitmex is learning how to use their email software correctly... Cheesy

Kemarit

legendary

Activity: 3080

Merit: 1353

Quote from: boltz on November 01, 2019, 11:10:42 AM

First nanoledger and now Bitmex ? Seems that hackers are more active this period of the year in trying to catch some extra coins. I would advice anyone who is having a bitmex account to immediately secure the account with 2FA in order to prevent hacking followed by a change of e-mail.

We all know that when hackers are getting more active than usual , big things coming to cryptos , right ?

Hackers are always one step of the game, I'd say they really targeted crypto's because of the big money involved.

Yeah, just do the necessary here, specially changing your emails, at least your chances of being hack are slim. Good damn, I don't know how the hell did Bitmex made this kind of stupid mistakes.

Quote

Statement on Email Privacy Issue Impacting Our Users
1 November 2019 BitMEX

We are aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users.

Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.

The privacy of our users is a top priority and we are very sorry for the concern this has caused to our users.
Updated: 1 November 2019

https://blog.bitmex.com/statement-on-email-privacy-issue-impacting-our-users/

hello_good_sir

hero member

Activity: 1008

Merit: 531

Quote from: mk4 on November 01, 2019, 06:01:33 AM

Quote from: s1lverbox on November 01, 2019, 05:24:51 AM

If using bitmex change your password and remove funds.

More like change your emails. Passwords aren't leaked so don't worry, funds are safe. But sure changing password also helps, just to be sure.

But anyway, this is a perfect example of why you should use separate email accounts for your individual exchange accounts. Expect to see the leaked email accounts to be receiving a good number of spam and scam emails.

If Bitmex was stupid enough to leak their entire client base of emails via a rookie mistake, I'm not sure they are going to be taking their customer security and privacy very well.

I'd update your password and add 2fa just in case, especially if you have funds in the wallet - 2 minute of effort could save you a lot of money in the future.

Anyway, enjoy the new crypto spam emails guys, I have no doubt that these emails are going to be added to a new database and marketed as crypto investors.

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: adroitful_one on November 01, 2019, 08:56:50 AM

The passwords weren't leaked. However, there has been a lot of database hacks and your leaked e-mail address could be listed in one of these. Be sure to check here if your information has been posted:
https://haveibeenpwned.com/

The biggest danger in your e-mail address being leaked is you being listed in one of the other websites database when it got hacked. Even if you weren't part of this e-mail, it wouldn't hurt to go and check yourself out on Have I been Pwned. Don't use the same password on every site and you should probably be fine. However, you will probably be receiving spam e-mails for different crypto products now.

I agree haveibeenpwned.com is already up-to-date with the bitmex leak, I found my bitmex email address there. It's already listed in 2 explicit files on the clear net. One file of 6000 email addresses and the other one of 7000.

veleten

legendary

Activity: 2016

Merit: 1107

affects exchange more than the users , you can change your e-mail if you want
but the reputation ( for making amateur mistakes ) is gonna be spoiled for Bitmex forever
well getting extra spam is not fun , but nothing else is leaked , so if your e-mail password is strong and you don't store money at the exchanges
you should be all good when you change your pass there

rijaljun

sr. member

Activity: 1274

Merit: 267

Quote from: s1lverbox on November 01, 2019, 05:24:51 AM

Be careful out there.

Bitmex sent email exposing all email accounts by cc.

More here:
https://twitter.com/cryptochangex/status/1190208624209125376?s=19

If using bitmex change your password and remove funds.

Funds are safe I think and just the email that could be a target of hackers or scammers.

But, this is absolutely a big deal for BitMex. Big company like BitMex should not do this kind of mistake or they will lose lot of users.

It is up to them, to change email or withdraw their fund. Sooner or later, they will need to move to new platform anyway.

unsoindovo

legendary

Activity: 1932

Merit: 1042

https://locktrip.com/?refId=40964

a lot of thread related to this topic were opened and a lot will be opened new ones.
BitMex users are thousands!
Plz, centralize bitMex topic just in one thread.
maybe the oldest one!

thank you.

th3nolo

hero member

Activity: 1232

Merit: 669

Quote from: mk4 on November 01, 2019, 06:01:33 AM

Quote from: s1lverbox on November 01, 2019, 05:24:51 AM

If using bitmex change your password and remove funds.

More like change your emails. Passwords aren't leaked so don't worry, funds are safe. But sure changing password also helps, just to be sure.

But anyway, this is a perfect example of why you should use separate email accounts for your individual exchange accounts. Expect to see the leaked email accounts to be receiving a good number of spam and scam emails.

If you change your email you have to wait 24 hours before you can make a withdrawal, so it is better to make the withdrawal and once made change email and password.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Quote from: boltz on November 01, 2019, 11:10:42 AM

First nanoledger and now Bitmex ?

Are you referring to Ledger? The hardware wallet company? What is there to leak?

Quote from: boltz on November 01, 2019, 11:10:42 AM

Seems that hackers are more active this period of the year in trying to catch some extra coins. I would advice anyone who is having a bitmex account to immediately secure the account with 2FA in order to prevent hacking followed by a change of e-mail.

Quote from: crwth on November 01, 2019, 11:30:08 AM

As far as I know based on the available information right now, the problem is very most likely from BitMEX's side, rather than from an outside malicious person. It was an email address leak rather than an email database credentials leak.

So obviously, change email accounts if you don't want to be spammed.

image source: https://twitter.com/sakuraricebird/status/1190167326898806784

Quote from: crwth on November 01, 2019, 11:30:08 AM

I don't think it's Arthur's fault. Just read this article [2]

Sure. Might not technically be Arthur's fault, but he definitely takes some blame as it's his company.

crwth

copper member

Activity: 2940

Merit: 1280

https://linktr.ee/crwthopia

I have posted in Beginners & Help [1] with a concern about safety with our information, hence the recent happenings with Bitmex. I just came to stumble upon this thread as well. We still have to be thankful that the funds are still safe with regard to security. It's just the information. I'm not saying it's a good thing but it's great that's it's only that.

I received an email (you can see on the reference also [1] what hackers could do with that leaked info, they could easily send you something that might not be good for your private information or something. It's still best to be aware of what happened and know what to do next.

The best things to do now are shown below:

Would be wise to change passwords, use a password manager to be safe (making sure that you have different passwords across different platforms)
Watch out for spam that could send you different emails that could lead to your account being breached [1]
Check your email too if it has been used or something

Anyways, it will be good to let this news be widespread as possible so that people who are Bitmex users are informed. They might do something that they might regret later on.

Quote from: ChrisPop on November 01, 2019, 06:04:00 AM

Another proof of unprofessionalism from Bitmex. I think Arthur is trying to destroy his business and leave a bad reputation.

I don't think it's Arthur's fault. Just read this article [2]

dothebeats

legendary

Activity: 3542

Merit: 1352

Cashback 15%

Whoever organizes their email system must be held accountable for this. The easiest thing to avoid being a target of phishing and/or other attacks due to this mismanagement is to simply change your email and hope that they will not do the same mistake again. It seems as though they have been compromised somewhat but that in itself is not an excuse that customers should accept.

Change your emails ASAP in order to not receive weird emails targeting your funds.

boltz

legendary

Activity: 3346

Merit: 1203

First nanoledger and now Bitmex ? Seems that hackers are more active this period of the year in trying to catch some extra coins. I would advice anyone who is having a bitmex account to immediately secure the account with 2FA in order to prevent hacking followed by a change of e-mail.

We all know that when hackers are getting more active than usual , big things coming to cryptos , right ?

adroitful_one

legendary

Activity: 1568

Merit: 1041

1GhxHtabWhEpdb7e7oEJ2vd542n33BwTHR

Quote from: unsoindovo on November 01, 2019, 06:45:54 AM

Quote from: s1lverbox on November 01, 2019, 05:24:51 AM

Be careful out there.

Bitmex sent email exposing all email accounts by cc.

More here:
https://twitter.com/cryptochangex/status/1190208624209125376?s=19

If using bitmex change your password and remove funds.

If you have a 2fa Auth, your risk to be hacked its really low.
In truth, if you have a good password, of course not "password" or "12345678" or something like that, It's really low, though!

But to feel more confortable, you can withdraw all your funds, open new account, and deposit there all your withdrawed funds.
But doing this, you need to pay fees.!

The decision is your!

The passwords weren't leaked. However, there has been a lot of database hacks and your leaked e-mail address could be listed in one of these. Be sure to check here if your information has been posted:
https://haveibeenpwned.com/

The biggest danger in your e-mail address being leaked is you being listed in one of the other websites database when it got hacked. Even if you weren't part of this e-mail, it wouldn't hurt to go and check yourself out on Have I been Pwned. Don't use the same password on every site and you should probably be fine. However, you will probably be receiving spam e-mails for different crypto products now.

unsoindovo

legendary

Activity: 1932

Merit: 1042

https://locktrip.com/?refId=40964

Quote from: s1lverbox on November 01, 2019, 05:24:51 AM

Be careful out there.

Bitmex sent email exposing all email accounts by cc.

More here:
https://twitter.com/cryptochangex/status/1190208624209125376?s=19

If using bitmex change your password and remove funds.

If you have a 2fa Auth, your risk to be hacked its really low.
In truth, if you have a good password, of course not "password" or "12345678" or something like that, It's really low, though!

But to feel more confortable, you can withdraw all your funds, open new account, and deposit there all your withdrawed funds.
But doing this, you need to pay fees.!

The decision is your!

ChrisPop

legendary

Activity: 2310

Merit: 1035

Not your Keys, Not your Bitcoins

Another proof of unprofessionalism from Bitmex. I think Arthur is trying to destroy his business and leave a bad reputation. I mean come on.. everybody knows that you need to triple check before sending a mass email, especially someone who is working on the marketing/customer service department.

FruitsBasket

legendary

Activity: 1232

Merit: 1017

Hackers will use these data leaks in combination with haveibeenpowned password lists and proxie servers to try to login to your account. Updated email, password and use 2FA!

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Quote from: s1lverbox on November 01, 2019, 05:24:51 AM

If using bitmex change your password and remove funds.

More like change your emails. Passwords aren't leaked so don't worry, funds are safe. But sure changing password also helps, just to be sure.

But anyway, this is a perfect example of why you should use separate email accounts for your individual exchange accounts. Expect to see the leaked email accounts to be receiving a good number of spam and scam emails.

s1lverbox

legendary

Activity: 2324

Merit: 1039

Be careful out there.

Bitmex sent email exposing all email accounts by cc.

More here:
https://twitter.com/cryptochangex/status/1190208624209125376?s=19

If using bitmex change your password and remove funds.

Topic: Bitmex snet an email with CC to own customers. Hundreds emails exposed. (Read 295 times)