Author

Topic: Leaked information. Are we really safe at all? (Read 634 times)

copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
November 14, 2019, 02:51:08 PM
#43
<…> Although many email addresses were leaked, they were only leaked in batches of 1,000 people to those 1,000 people, so the entire world doesn't necessarily know your BitMex email address if it was leaked.
The thing is that, eventually, some people start putting those together and shift/sell them around. For example, if we take a look at this Tweet (https://twitter.com/lawmaster/status/1190748469633462279), the author claims that:

-   He has got his hands on a list of 23K BitMEX leaked emails (23 batches there).
-   He estimates, and this is interesting, that 70% of the list can be doxed because the email itself use either a name and surname composition, or a unique specific domain name. That is something to consider.

Assuming he is telling the truth (I don’t believe everything I read on Twitter), it would show that these people have a BitMex account. For those with their full name in their email, they may have used an alias.

It should remain that it is a best practice to take care to verify the content of any emails or messages are accurate before relying on the information or taking action based on its content.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
<…> Although many email addresses were leaked, they were only leaked in batches of 1,000 people to those 1,000 people, so the entire world doesn't necessarily know your BitMex email address if it was leaked.
The thing is that, eventually, some people start putting those together and shift/sell them around. For example, if we take a look at this Tweet (https://twitter.com/lawmaster/status/1190748469633462279), the author claims that:

-   He has got his hands on a list of 23K BitMEX leaked emails (23 batches there).
-   He estimates, and this is interesting, that 70% of the list can be doxed because the email itself use either a name and surname composition, or a unique specific domain name. That is something to consider.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
Once a email is leaked or involved in something like that i dont would trust the email anymore and try to get a new one !
Maybe try to get one email for one Exchange and not for many so the chance is less that other things get hacked maybe or some more damage coming !
It is best to to use unique email addresses for each financial account, but I don't believe an email address associated with a financial account makes it unreliable.

There are many people who have publicly facing email addresses, and many of them probably use those same email addresses with some of their financial accounts.

As long as you use completely unique passwords (not password1, password2, password3, and so on) with each account, you should be generally safe.


I received a handful of spam emails, and another handful of scam emails to my throwaway email associated with my BitMex account, but after ignoring all of them, they stopped after a few days. Although many email addresses were leaked, they were only leaked in batches of 1,000 people to those 1,000 people, so the entire world doesn't necessarily know your BitMex email address if it was leaked.
legendary
Activity: 3542
Merit: 1965
Leading Crypto Sports Betting & Casino Platform
This is just an opportunist seeing an opportunity to spam his referral link and nothing for you to worry about. Some exchanges offer small rewards for people who refer other people to their platform, so these users will use every opportunity to spam that referral link, without people noticing it.

I am not sure if Bitmex has some reward program in place for referrals, because I am not registered on their site. I doubt if I would ever sign up with them after what has happened.  Roll Eyes  Edit : https://www.bitmex.com/app/affiliates <-- Now I am sure.  Cool

The Golden rule --> Never click on links provided to you in unsolicited emails.  Wink
full member
Activity: 1176
Merit: 162
These websites and programs are made by person so it can be hacked or infiltrated by a person too. We are not really safe that is why I am not comfortable uploading sensitive data like KYC details. Cryptocurrency is meant to be anonymous and free but I guess it is needed enable to work with regulations.
hero member
Activity: 2366
Merit: 838
If you want to be super overly paranoid then you might as well assume as soon as there is another third party involved your data has already been compromised. This could be from leaks or this could be from employees seeing that data by routinely reviewing it.

Realistically you can never protect your data 100% because at some point you will need to involve a third party in whatever sector of your life. Bitcoin data with the KYC requirements and the increasing amount of laws being put in place for Bitcoin will mean data will need to be submitted if you are to ever exchange Bitcoin.
When personal identities uploaded on online environments, it does not matter who or which ones store that data, from governments to exchanges, there are higher risks to lose our identities that in turn will be likely compromised for bad and shady purposes, not only financial compromises but also other things.

When KYCs first required mandatorily on some big exchanges, people were paranoid but they turned into more familiar with KYCs. I believe that months or years later when KYCs are one of prerequisites to be eligble using crypto exchanges, people will not paranoid about that. Third-party or not, there are also risks with KYCs, in my opinion.

At current period, we have options to choose KYC-required exchanges or KYC-free exchanges but in the future I don't think we will have such KYC-freedom.
legendary
Activity: 1232
Merit: 1080
If you want to be super overly paranoid then you might as well assume as soon as there is another third party involved your data has already been compromised. This could be from leaks or this could be from employees seeing that data by routinely reviewing it.

Realistically you can never protect your data 100% because at some point you will need to involve a third party in whatever sector of your life. Bitcoin data with the KYC requirements and the increasing amount of laws being put in place for Bitcoin will mean data will need to be submitted if you are to ever exchange Bitcoin.
legendary
Activity: 2478
Merit: 1360
Don't let others control your BTC -> self custody
Once a email is leaked or involved in something like that i dont would trust the email anymore and try to get a new one !
Maybe try to get one email for one Exchange and not for many so the chance is less that other things get hacked maybe or some more damage coming !

You're overdoing it. People voluntarily put their emails in giveaways, newsletters, bounty campaigns, along with their facebook and twitter accounts. It's not like leaked email is going to get you hacked.

There are some golden rules you should follow regardless of whether you're posting your emails at various sites and forums or not.
You should never open attachments and you never answer emails from random people. Don't click links and stuff that you receive in email unless you're expecting something from a service you've just registered in or someone that you know.
legendary
Activity: 2604
Merit: 2353
Don't want to remember it but my email was leaked through this forum. And there were so much bruteforce attack on several of my accounts in different sites. I used to join every site with the single email and that leak made me change email on every sites. With two emails, there were different problems on syncing through my phone and accounts.
Now I'he made different email addresses for my personal and official use while others for crypto related sites.
My bitmex email had been leaked through this so called bug. And for the moment there hasn't been one single attempt to log in my Bitmex account.

BTW it seems you can ask Bitmex support for changing your email address if it had been leaked.
Quote
BitMEX Support (contact here) is working shifts with extra agents, continuing to handle customer requests to change email addresses, answer questions, and provide security assessment and advice.
https://blog.bitmex.com/email-privacy-issue-what-is-happening-and-how-can-we-help/
legendary
Activity: 2296
Merit: 1014
Just fyi, only the email addresses themselves are leaked. So you should be left unaffected(security wise) if you didn't do something so careless like having the same passwords with other accounts.
Which is most common mistake people make.
This is reason one hack could lead to much much much more damage than it should.
Security should be first learning topic by bitcoin users.
legendary
Activity: 3094
Merit: 1069
DGbet.fun - Crypto Sportsbook
Don't want to remember it but my email was leaked through this forum. And there were so much bruteforce attack on several of my accounts in different sites. I used to join every site with the single email and that leak made me change email on every sites. With two emails, there were different problems on syncing through my phone and accounts.
Now I'he made different email addresses for my personal and official use while others for crypto related sites.
hero member
Activity: 2520
Merit: 783
Once a email is leaked or involved in something like that i dont would trust the email anymore and try to get a new one !
Maybe try to get one email for one Exchange and not for many so the chance is less that other things get hacked maybe or some more damage coming !

For this event since the email is leaked I think it's not advisable really to use that eventhough we change the password on it and much better if we create a new separate email for exchange and for other extra curricular activities here so that we can assure that we are safe and maximize the security where our funds held on.
sr. member
Activity: 1078
Merit: 256
I think we are safe if the leaked information is only email addresses. Many people especially scammers are finding a way to get a list of email addresses so they can send whatever they want to send just to scam their victims. There is a thread about leaked email address right?. Use the site that hd49728 has given to check if your email is safe and change your password to make sure.
I agree to that if only email has been compromised but not to the extent that hackers already have the access. If only they've known your email from other account that you participated you can avoid receiving emails like this. But if hackers already have access to your account it's best to change your password or create new emails and start transferring all important information to your new one.
legendary
Activity: 3136
Merit: 3213
Once a email is leaked or involved in something like that i dont would trust the email anymore and try to get a new one !
Maybe try to get one email for one Exchange and not for many so the chance is less that other things get hacked maybe or some more damage coming !
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
I think we are safe if the leaked information is only email addresses. Many people especially scammers are finding a way to get a list of email addresses so they can send whatever they want to send just to scam their victims. There is a thread about leaked email address right?. Use the site that hd49728 has given to check if your email is safe and change your password to make sure.
legendary
Activity: 2604
Merit: 2353
Hence why it's totally frowned upon to use exchanges that requires KYC, because the potential leaks could be a lot more destructive.
the problem is that most reputable exchanges require kyc. You have to verify your identity especially when withdrawing big amounts of money.
Exchanges that do not ask for identity verification usually have small trading volume and you can't be sure if your funds are safe with them or not.
You're right, but Bitmex doesn't ask any KYC in fact. You just need to provide an email address to open an account and to trade whatever amount of money you want. So only your e-mail address is at risk there, no other personal information.
legendary
Activity: 3136
Merit: 3213
the problem is that most reputable exchanges require kyc. You have to verify your identity especially when withdrawing big amounts of money.
Exchanges that do not ask for identity verification usually have small trading volume and you can't be sure if your funds are safe with them or not.

Today you cant be sure if your funds safe at bigger Excanges too .
We have seen that in the past and i have felt this 2 times now in the past and
i advice all that you just deposit so much coins what you want to trade and after that withdraw it back to your wallet.
But if personal Informations got leaked from exchanges its terrible.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
Hence why it's totally frowned upon to use exchanges that requires KYC, because the potential leaks could be a lot more destructive.
the problem is that most reputable exchanges require kyc. You have to verify your identity especially when withdrawing big amounts of money.
Exchanges that do not ask for identity verification usually have small trading volume and you can't be sure if your funds are safe with them or not.
legendary
Activity: 2730
Merit: 1288
It can happen everywhere. That is why is important you dont just throw your information's on everything. KYC only where you must. Register only where you must. Always use fresh passwords.
It depends if the site is reputable but at least it's just the emails. FYI, Bitmex doesn't ask for KYC, you know. And for the passwords, it's quite easy to handle that with a password manager.


I am talking in general. Do not just throw any of your information's everywhere. Not for some game bonus or anything so stupid. Be responsible and give your information out really if you must. Problem is that most people now think giving away his personal information's is normal. That George Orwell 1984 is totally normal. I find this a huge problem.
hero member
Activity: 1750
Merit: 589

It's kind of weird to receive it, I know it's not a scam because it shows a referral link, hopefully not a phishing one, but knowing that my information has been leaked, it made me feel uneasy with the exchange.

I hope people understand that sometimes it's not your fault that you get compromised. It's to be vigilant with your information also with regards to any suspicious links or emails of any kind. Be careful.


https://cointelegraph.com/news/breaking-bitmex-may-have-just-leaked-all-of-their-users-emails
We are all interconnected via internet, so there's always a possibility of information leakage. If you'll just study the internet deeply, you'll understand that anythung you put in the internet is available to the public regardless of the privacy settings that you have set in your account because simply being connected to the internet is connecting to the world through routers, we are networked to each others and will be linked using IP addresses, so what we could do now is being careful of the information you are about to put on the internet and the activities you'll engage your account within it.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
Only email leaks don't put Bitmex users under losses. Because of people who have access to Bitmex's user email leak don't have access to those emails. What they can do is sending phising things to those email addresses if they want.

Hence, if users are aware of the news, and be careful when using their emails: don't click on links send by strange emails or from familiar emails but if contents or links are strange; they will be safe.

Furthermore, they can change their email passwords, and it is time for them to remind that they use that email for how many accounts on exchanges and other services, and whether they use same passwords over exchanges & services. If they use same passwords, it's time to change as soon as possible.

The news is bad for Bitmex's reputation but not too bad for their users, IMO.

People can check their email status there: https://haveibeenpwned.com/
Regarding to email security, you can use the following site: https://haveibeenpwned.com/
It is very simple to use: Typing your email address, then enter to see it has already been compromised or not. In case your email has been already compromised, it's your turn to reset your password and consider to enhance security and privacy for your email.
There are two types of results:
1. Bad: pwned!
Quote
Oh no — pwned!
Pwned on X breached sites and found no pastes (subscribe to search sensitive breaches)

2. Good: no pwnage found!
Quote
Good news — no pwnage found!
No breached accounts and no pastes (subscribe to search sensitive breaches)
You should take action as quickly as possible if your email checking result fall into the first type.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
I really feel worried about my information on trading platforms and places that require identification.

Hence why it's totally frowned upon to use exchanges that requires KYC, because the potential leaks could be a lot more destructive. Fortunately with this leak, it wasn't THAT devastating(though still very unfortunate).

Do your part and try out non-custodial wallets like Bisq[1] and Hodl Hodl[2].


[1] https://bisq.network/
[2] https://hodlhodl.com/
jr. member
Activity: 53
Merit: 4
I really feel worried about my information on trading platforms and places that require identification. However, similar stories have occurred in many different platforms, even a large trading platform, Binance, has been accused of leaking user information.
legendary
Activity: 3178
Merit: 1054

when you register your email, its already there, you can assume your identity is already compromised but its really not of a big deal. as long as you don't click any link inside your email, i think its safe. i've been receiving many emails, all are just ignored unless they are all pmed in telegram and here in bitcointalk. all people today has their throw away emails used to register so any website.  are kyc documents also compromised in bitmex?
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Given the amount of exposure that emails could get even without it being compromised, I don't believe that having leaked email is that big of a deal. Sure, it does infringe on your privacy and makes you a target for spear-phishing. But I treat an email address the same as my physical house address and assume that it is already exposed and take extra precautions when looking at possible phishing email. It's more dangerous with leaked passwords but as long as you don't use the same password across all your accounts then you're less vulnerable.

Its a whole different story if your identity information got leaked.
sr. member
Activity: 1078
Merit: 310
I think the best thing to do is don't follow any email instructions with regards to this supposedly leakage especially if the sender is not their official email account because it could be a front to a phishing scheme.

I guess the best thing to do if you still have any assets still within that exchange is that you could log in directly to your account via a previously bookmarked BitMex site and check your assets and transfer them to private wallets and change your account credentials and activate any other security measures in your account such as 2FA in order to have a peace of mind . Imho. Smiley
hero member
Activity: 2702
Merit: 672
I don't request loans~
Nothing really new there. No system is perfect after all. I'd avoid any spam emails for now that is received by your email though, seeing that emails were the only information leaked by Bitmex. I'd suggest basically banning and placing all messages related to BitMex to spam folder for at least a month, so that all this farce could be avoided by you. By then, at least from what I think, all related spams and possible scams and malware would've stopped. Still, be safe and replace your password, enable 2FA, account recovery and such.
hero member
Activity: 2128
Merit: 532
FREE passive income eBook @ tinyurl.com/PIA10
Did the link bring you to a secure page or an insecure one? Nowadays we can't even trust those green protocols, sadly.
hero member
Activity: 1946
Merit: 502
We are still safe but the all emails that has been leaked will be recieving phishing messages thats why every user must be aware to any email messages that they will receive . Hopefully bitmex will do immediate action of that leaked emails.
hero member
Activity: 3136
Merit: 591
Leading Crypto Sports Betting & Casino Platform
Expect that there will be a huge wave of phishing links that will be sent to those affected email addresses. It's correct that sometimes it's not our fault why we're receiving these kinds of emails because once they were leaked, those spammers will come to send you unwanted links.
This is the other side of providing KYC to the exchanges that we use. Much better to use only those exchanges that allows us to use them even with limits but doesn't have to provide with KYC. We should remain vigilant with everything we use especially if it's related to our funds.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
The email you received is referral spam. They are trying to get a referral from you.

The leaking of your email will only associate your email address as one as possibly being associated with exchange accounts. As long as you don't reuse passwords and use strong passwords, you should not be at any risk. Your only losses would be that of your privacy, and you already have had maximum losses in this regard.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
Though probably expect a barrage of emails from scammers and referral link spammers(like you just received) so it'd be a good idea to change your email address/alias.
Unfortunately changing your email address on Bitmex will not stop the spam, it's just too late. Your address is now listed in the files of the spammers/scammers and they exchange them on the darknet.
In fact the list is even available on the clear net. I won't paste the url of the file here but you can check if your email address has been leaked on https://haveibeenpwned.com/

How is changing your email address not going to stop the spam? Your email address is what allows them to target you with spam in the first place. Changing your email address with a new one and discarding the old leaked one would effectively stop the spam on your side for sure(but of course, your old email will still be receiving spam hence why you need to change email addresses). This is why people need to use separate email addresses for some(or most) websites.
legendary
Activity: 2604
Merit: 2353
If you take all the neccessary steps like 2FA, email and phone number verification in your Bitmex account, I don't think you have anything to worry about, personally my email address was also compromised but I have no worries at all because it would take a great hacker indeed to have access to my email or Bitmex account, just be security cincious especially when it comes to your funds irregardless of whether your email address was leaked or not, but if it makes you feel any better, you can simply open another Bitmex account with another email that is not known by anybody. 
Phone number verification? Where it is? Are you really sure we can do that on Bitmex?  Huh I've never heard about it before.
sr. member
Activity: 567
Merit: 270
If you take all the neccessary steps like 2FA, email and phone number verification in your Bitmex account, I don't think you have anything to worry about, personally my email address was also compromised but I have no worries at all because it would take a great hacker indeed to have access to my email or Bitmex account, just be security cincious especially when it comes to your funds irregardless of whether your email address was leaked or not, but if it makes you feel any better, you can simply open another Bitmex account with another email that is not known by anybody. 
legendary
Activity: 3136
Merit: 3213
Sad to read and hear that with the leaked emails from Bitmex .
And i am glad i dont have use the platform or there service.
Best way would be for all that be affected on that to change there passwords ,
and maybe make an new email account if they used the leaked one for more services on other Webpages.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
Just fyi, only the email addresses themselves are leaked.
I didn't panic when I was sent a spam email, I was just wondering HOW they discovered it and how did the sender know I had an account, hence the article announcing the leak of the information.

I did see and post there too. I do think that beginners should have a focused topic here to help them understand that this type of thing happens too.



Just don’t click the links and never trust any emails from Bitmex unless you see it on their official announcements. Even better, just change your email address and you’ll be done with the bombardment of spam, nasty links and other stuff that people might send you.
It's quite easy to see that it's not an official email. That's why I didn't panic to the extent that I need to change my information in the exchange. The fact that they have sent me that kind of email is what bothered me. It's not a bombardment though, it's just one message. I'm not so sure with others though.



It can happen everywhere. That is why is important you dont just throw your information's on everything. KYC only where you must. Register only where you must. Always use fresh passwords.
It depends if the site is reputable but at least it's just the emails. FYI, Bitmex doesn't ask for KYC, you know. And for the passwords, it's quite easy to handle that with a password manager.
hero member
Activity: 2212
Merit: 805
Top Crypto Casino
Bitmex really fucked up with the leak. Now users would get screwed. One of the perks of being a user of an exchange where a data breach occurs is receiving email spams from scammers. I even have one that kept spamming my mails for a while. I had to block their email before it stopped. I should be expecting more spam flood soon. Thanks for the heads up although I got the information in the morning and hurriedly changed my email.
legendary
Activity: 2604
Merit: 2353
Though probably expect a barrage of emails from scammers and referral link spammers(like you just received) so it'd be a good idea to change your email address/alias.
Unfortunately changing your email address on Bitmex will not stop the spam, it's just too late. Your address is now listed in the files of the spammers/scammers and they exchange them on the darknet.
In fact the list is even available on the clear net. I won't paste the url of the file here but you can check if your email address has been leaked on https://haveibeenpwned.com/
legendary
Activity: 2730
Merit: 1288
Leaked information. Are we really safe at all?

It can happen everywhere. That is why is important you dont just throw your information's on everything. KYC only where you must. Register only where you must. Always use fresh passwords.   This forum passwords were hacked at one point of time. That was like 3-5 years ago. It can happen. It can happen 20 years from now when you will already forgot you used some exchange or some forum or service.
legendary
Activity: 3542
Merit: 1352
Cashback 15%
Just don’t click the links and never trust any emails from Bitmex unless you see it on their official announcements. Even better, just change your email address and you’ll be done with the bombardment of spam, nasty links and other stuff that people might send you. No passwords whatsoever were leaked, only someone in their customer support department clicked the wrong button and we have this mayhem laid before us.
jr. member
Activity: 212
Merit: 3
How unfortunate. This is a neverending story with the internet. You can have as many security and software, but there will always be a chance of data leakage and hacks. I think we have to accept the fact that whatever we do on the internet it's never going to be 100% safe.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
Just fyi, only the email addresses themselves are leaked. So you should be left unaffected(security wise) if you didn't do something so careless like having the same passwords with other accounts. Though probably expect a barrage of emails from scammers and referral link spammers(like you just received) so it'd be a good idea to change your email address/alias.

Also, this is already being discussed here: https://bitcointalksearch.org/topic/bitmex-snet-an-email-with-cc-to-own-customers-hundreds-emails-exposed-5197771
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
Recent news broke out about BitMex with them having the current oopsie that they had. No matter how much you are protecting yourself with all the data you have, the security measures that you put into your accounts, there would be times that it's not your fault, and something still happens, and you cannot do something about it.

I reached this conclusion with the recent happenings. Just like that, I have been sent an email concerning BitMex saying that my account was compromised. I haven't seen the article [1] yet, and I was curious why I received this email. I'm pretty sure I haven't posted anything connected to my email that I have an account on BitMex.



It's kind of weird to receive it, I know it's not a scam because it shows a referral link, hopefully not a phishing one, but knowing that my information has been leaked, it made me feel uneasy with the exchange.

I hope people understand that sometimes it's not your fault that you get compromised. It's to be vigilant with your information also with regards to any suspicious links or emails of any kind. Be careful.


https://cointelegraph.com/news/breaking-bitmex-may-have-just-leaked-all-of-their-users-emails
Jump to: