Bitcoin Forum

Be careful out there.

Bitmex sent email exposing all email accounts by cc.

More here:
https://twitter.com/cryptochangex/status/1190208624209125376?s=19


If using bitmex change your password and remove funds.

More like change your emails. Passwords aren't leaked so don't worry, funds are safe. But sure changing password also helps, just to be sure.

But anyway, this is a perfect example of why you should use separate email accounts for your individual exchange accounts. Expect to see the leaked email accounts to be receiving a good number of spam and scam emails.

Hackers will use these data leaks in combination with haveibeenpowned password lists and proxie servers to try to login to your account. Updated email, password and use 2FA!

Another proof of unprofessionalism from Bitmex. I think Arthur is trying to destroy his business and leave a bad reputation. I mean come on.. everybody knows that you need to triple check before sending a mass email, especially someone who is working on the marketing/customer service department.

If you have a 2fa Auth, your risk to be hacked its really low.
In truth, if you have a good password, of course not "password" or "12345678" or something like that, It's really low, though!

But to feel more confortable, you can withdraw all your funds, open new account, and deposit there all your withdrawed funds.
But doing this, you need to pay fees.!

The decision is your!

The passwords weren't leaked. However, there has been a lot of database hacks and your leaked e-mail address could be listed in one of these. Be sure to check here if your information has been posted:
https://haveibeenpwned.com/ (https://haveibeenpwned.com/)

The biggest danger in your e-mail address being leaked is you being listed in one of the other websites database when it got hacked. Even if you weren't part of this e-mail, it wouldn't hurt to go and check yourself out on Have I been Pwned. Don't use the same password on every site and you should probably be fine. However, you will probably be receiving spam e-mails for different crypto products now.

First nanoledger and now Bitmex ? Seems that hackers are more active this period of the year in trying to catch some extra coins. I would advice anyone who is having a bitmex account to immediately secure the account with 2FA in order to prevent hacking followed by a change of e-mail.

We all know that when hackers are getting more active than usual , big things coming to cryptos , right ?

Whoever organizes their email system must be held accountable for this. The easiest thing to avoid being a target of phishing and/or other attacks due to this mismanagement is to simply change your email and hope that they will not do the same mistake again. It seems as though they have been compromised somewhat but that in itself is not an excuse that customers should accept.

Change your emails ASAP in order to not receive weird emails targeting your funds.

I have posted in Beginners & Help [1] (https://bitcointalk.org/index.php?topic=5197857) with a concern about safety with our information, hence the recent happenings with Bitmex. I just came to stumble upon this thread as well. We still have to be thankful that the funds are still safe with regard to security. It's just the information. I'm not saying it's a good thing but it's great that's it's only that.

I received an email (you can see on the reference also [1] (https://bitcointalk.org/index.php?topic=5197857) what hackers could do with that leaked info, they could easily send you something that might not be good for your private information or something. It's still best to be aware of what happened and know what to do next.

The best things to do now are shown below:

• Would be wise to change passwords, use a password manager to be safe (making sure that you have different passwords across different platforms)
• Watch out for spam that could send you different emails that could lead to your account being breached [1] (https://bitcointalk.org/index.php?topic=5197857)
• Check your email too if it has been used or something

Anyways, it will be good to let this news be widespread as possible so that people who are Bitmex users are informed. They might do something that they might regret later on.

---

I don't think it's Arthur's fault. Just read this article [2]  (https://cointelegraph.com/news/breaking-bitmex-may-have-just-leaked-all-of-their-users-emails)

Are you referring to Ledger? The hardware wallet company? What is there to leak?

As far as I know based on the available information right now, the problem is very most likely from BitMEX's side, rather than from an outside malicious person. It was an email address leak rather than an email database credentials leak.

So obviously, change email accounts if you don't want to be spammed.


Sure. Might not technically be Arthur's fault, but he definitely takes some blame as it's his company.

If you change your email you have to wait 24 hours before you can make a withdrawal, so it is better to make the withdrawal and once made change email and password.

a lot of thread related to this topic were opened and a lot will be opened new ones.
BitMex users are thousands!
Plz, centralize bitMex topic just in one thread.
maybe the oldest one!

thank you.

Funds are safe I think and just the email that could be a target of hackers or scammers.

But, this is absolutely a big deal for BitMex. Big company like BitMex should not do this kind of mistake or they will lose lot of users.

It is up to them, to change email or withdraw their fund. Sooner or later, they will need to move to new platform anyway.

affects exchange more than the users , you can change your e-mail if you want
but the reputation ( for making amateur mistakes ) is gonna be spoiled for Bitmex forever
well getting extra spam is not fun , but nothing else is leaked , so if your e-mail password is strong and you don't store money at the exchanges
you should be all good when you change your pass there

I agree haveibeenpwned.com is already up-to-date with the bitmex leak, I found my bitmex email address there. It's already listed in 2 explicit files on the clear net. One file of 6000 email addresses and the other one of 7000.

If Bitmex was stupid enough to leak their entire client base of emails via a rookie mistake, I'm not sure they are going to be taking their customer security and privacy very well.

I'd update your password and add 2fa just in case, especially if you have funds in the wallet - 2 minute of effort could save you a lot of money in the future.

Anyway, enjoy the new crypto spam emails guys, I have no doubt that these emails are going to be added to a new database and marketed as crypto investors.

Hackers are always one step of the game, I'd say they really targeted crypto's because of the big money involved.

Yeah, just do the necessary here, specially changing your emails, at least your chances of being hack are slim. Good damn, I don't know how the hell did Bitmex made this kind of stupid mistakes.


https://blog.bitmex.com/statement-on-email-privacy-issue-impacting-our-users/

Because someone knows your email it doesn't mean he can use it. Not even need to change your password if you're not dumb enough to use the same password everywhere... Just be ready to receive a dozen spams daily now. Another reason why to create an email only for exchange platforms
By the way, while Bitmex is learning how to use their email software correctly... :D ;D

https://pbs.twimg.com/media/EISguvNWkAAxFF-.png

Nah, a common thing where services do see their own fault and then they do learn from it but on the other side  their reputation been tarnished.

This might not really be too big but a leak is always a leak and does do pertain on security matters.Hesitations is already there.

over 80% of people reuse passwords. (https://mashable.com/2017/02/28/passwords-reuse-study-keeper-security/) and most people use passwords that are broken fairly easily too. getting an email list like this is half the battle for hackers.


i assume somebody's getting fired over this. it's a pretty unbelievable level of incompetence.

I think these emails have been made public and will put a lot of risk to investors because every day there will be hundreds of projects sending us emails and that's really annoying. I am also a victim in this exchange and hope that Bitmex can allow users to change emails because I do not want to receive spam. Currently, other exchanges such as Okex also allow users to change email if their account is related to Bitmex.

In my opinion this will be an issue that will be mentioned a lot and Bitmex deserves complaints from investors because Bitmex makes us no longer safe.

It is unbelievable that a large exchange like Bitmex is so weak in terms of security, Previously Binance with hacked millions of dollars and exposed user information. I wonder, do those exchanges really put security first?

Twitter rumours(so obviously take it with a huge grain of salt) has it that the person responsible for this did get fired. I'm not surprised because this sure is a very amateur mistake for such a wealthy service as BitMEX. Like what the heck, they sent their emails carelessly in a way that even email spammers actually did it better.

There was an e-mail sent to my email yesterday regarding of this issue.
The title of the e-mail is Statement on the Email Privacy Issue Impacting Our Users.
https://i.imgflip.com/3f1qlx.jpg (https://imgflip.com/i/3f1qlx)  https://i.imgflip.com/3f1qn4.jpg (https://imgflip.com/i/3f1qn4).
The e-mail was sent has content about the the recent issue of bitmex which was the email addresses exposed.
There was also instruction how we can be safe of this issue like it was stated and much suggested to create a new account with new email address, setting up 2FA, etc.

I also got curious when they give some link to their website especially to the register page, there is a referral link embedded to the e-mail was sent. That's why I started to think it this e-mail is not legit

Thank you for having reported it here. For the beginners, be careful domain names like "@bitmex-explained.com" etc aren't legit, the only true one is "@bitmex.com"

This is one error that should not have happened under any guise but yes it has happened. The only thing people need to worry about is be more care when they receive mail from Bitmex and try to double check and confirm before acting on such mail and at the same time be weary of mails promising some unimaginable returns without taking time to understand why you are receiving such message in the myriad of people that could be interested in such "opportunity".