Following the recently reported email leak at the crypto derivatives trading platform, BitMEX, the company released an official statement today, assuring users that aside from email addresses, no personal or account information was disclosed.
The company’s Deputy Chief Operating Officer, Vivien Khoo, who wrote the post, admitted that the accident which occurred on Nov 1 resulted from a failure in the internal bulk email service of the company.
The company emphasized that they do not send mass emails to users because of the difficulties that come with the job of large services such as BitMEX. They only send mass emails only when it is necessary to do so, and this occurs rarely.
A reported BitMEX Indices Update, which would affect the prices of all their products, was significant to be added to the bulk email since all their users needed to know about it.
The company further explained that the sending of such bulk emails was a challenging task since it was on a global scale. The job would have taken up to 10 hours to be completed, but they wanted to make sure that the customers received the same information on a more reasonable timescale. This desire to speed up the process led to a mistake in the program, thus leaking the email addresses of their customers.
Upon discovering the leak, however, BitMEX immediately stopped the sending of further emails and took steps to alleviate the problem.
They achieved that result, although the damage was already done, by canceling requests from accounts that did not have two-factor authentication and later forced a password reset for all users with balances and without two-factor devices.
Regarding a reported overtaking of the BitMEX Twitter handle on the same day of the incident, the company revealed that an external individual accessed the account. However, the account hack reportedly was not in any way related to the leak as it was brought back under BitMEX control within six minutes.