BitMEX said its internal processes had "failed" last week, eventually exposing thousands of stock market customers to confidentiality risks.
On Monday, in a company blog, the crypto-derivatives exchange announced the failure of its bulk messaging operation, which caused most BitMEX users to publicly expose their addresses. courier via a carbon copy (CC) on November 1st.
The data provider Skew says that BitMEX has some 22,000 daily users, although the number of exposed email addresses is probably much higher.
Major mail servers imposing restrictions on the mass mailing of emails, the firm said:
"To remedy this, we have created an internal system to manage the rendering, translation, staging and fragmentary sending (so as not to trigger speed limits) of sending important emails. . "
The Exchange has indicated that it rarely sends e-mails to all users, the last of this size delivered in 2017. To speed up the process, the Exchange's messaging systems API was changed at the last minute but did not undergo the usual verification process.
"BitMEX is a global company that sends emails to many email providers," said Vivien Khoo, assistant general manager of operations, in an article published on the blog. "Unfortunately, this sometimes makes it difficult for large services such as BitMEX to work."
The exchange stated that it had stopped sending new batches of emails as soon as the problem was acknowledged.
In response to the leak, BitMEX reported that it had used password reset and manual verification of endangered accounts. All users with no two-factor authentication (2FA) and account balances had reset passwords after the exchange found hostile attempts to access accounts.
In an email sent last Friday to CoinDesk, Khoo reiterated that no other personal information had been disclosed.
"Beyond e-mail addresses, no personal data or account information has been disclosed during this issue."
Image of Arthur Hayes, BitMEX CEO via BitMEX