BitMEX explained the causes and consequences of the data leakage incident
We appreciate our users’ patience as we have worked to resolve the recent email privacy issue. We’ve published a blog on everything you need to know about the incident, what happened and next steps. See our blog for details: https://t.co/L3OQtYydV3— BitMEX (@BitMEXdotcom) November 4, 2019
On Friday, November 1, the majority of users of the site received a letter notifying them of changes in the calculation of indexes for pricing derivative products. However, in the field “To:” the exchange disclosed the addresses of other recipients.
The distribution was carried out in packs of 1000 people each. Accordingly, each letter disclosed 1000 addresses.
Some users received correct notifications without compromising the data or did not receive the letter at all.
After the incident, the security service identified several accounts carrying out suspicious activity. Their owners had to change their passwords and in some cases pass an additional check in the support service.
The exchange almost immediately closed the withdrawal for accounts:
without two-factor authentication;
Withdrawals after address compromising;
Withdrawals to previously unknown Bitcoin addresses;
incoming from previously unknown IP addresses.
BitMEX urged all users to install 2FA on their mail and stock account.
Representatives of the organization also explained that shortly after the incident, an unknown person took control of the Twitter-page of the exchange for six minutes.