On November 1, BitMEX sent an email to thousands of its customers informing them about a change in the way it calculated the indices for its products. In the process, however, it ended up exposing 23,000 customer email addresses. In a blog post published today, BitMEX explained that the accident happened because of a new tool that it used without testing it properly.
On November 1, BitMEX sent an email to its customers. The news itself was good for its users: it was updating its methodology for calculating indices to make the reference prices more fair, robust and accurate. The delivery, however, was botched. The email also exposed the email addresses of thousands of other customers in the “To:” field. No other information was leaked, however.
How It Happened
In a blog post published today, BitMEX explained how the leak happened. BitMEX wanted to send the update about revamping its indices to all its customers dependably. For that, it has an in-house system dedicated to managing “the necessary rendering, translation, staging, and piecemeal (as not to trigger rate limits) sending of important email”. It also clarified that it had not sent an email to all its customers at once since 2017.
According to the blog, when BitMEX initiated the send, it realised that the process would take more than 10 hours to complete. The team wanted all its customers to receive the email within a reasonable time. To enable this, the team rewrote its email-sending tool to “send single SendGrid API calls in batches of 1,000 addresses”.
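The following is an added example, not BitMEX's code; the blog post as quoted here does not show how the rewritten tool built its requests. Assuming the SendGrid v3 Mail Send JSON shape, it contrasts a 1,000-address batch that shares one "to" list with a batch that gives each recipient a separate envelope, and adds a pre-send guard. The helper names and addresses are constructed for illustration.

```python
# Added example. Payload fields follow SendGrid's v3 Mail Send JSON; the
# helper names and the addresses are constructed for illustration.
BATCH_SIZE = 1000  # batch size quoted in the article


def chunks(items, size):
    """Yield consecutive slices of at most `size` items."""
    for i in range(0, len(items), size):
        yield items[i:i + size]


def _message(personalizations, sender, subject, body):
    return {
        "personalizations": personalizations,
        "from": {"email": sender},
        "subject": subject,
        "content": [{"type": "text/plain", "value": body}],
    }


def build_shared_to(batch, sender, subject, body):
    """Risky: one envelope whose "to" list holds the whole batch, so every
    recipient's To: header carries the other addresses."""
    return _message([{"to": [{"email": a} for a in batch]}], sender, subject, body)


def build_isolated(batch, sender, subject, body):
    """Safer: one envelope per recipient, still a single API call per batch."""
    return _message([{"to": [{"email": a}]} for a in batch], sender, subject, body)


def max_visible(payload):
    """Largest count of addresses placed in any one message's To/Cc headers."""
    return max((len(p.get("to", [])) + len(p.get("cc", []))
                for p in payload["personalizations"]), default=0)


def guard(payload, limit=1):
    """Pre-send check: reject payloads that reveal one customer to another."""
    worst = max_visible(payload)
    if worst > limit:
        raise ValueError(f"{worst} addresses share one header; refusing to send")
    return payload


if __name__ == "__main__":
    customers = [f"user{i}@example.test" for i in range(2500)]  # constructed
    for batch in chunks(customers, BATCH_SIZE):
        guard(build_isolated(batch, "noreply@example.test", "Index update", "..."))
    print("all batches passed the guard")
```

Running the guard on every payload in staging, against a seed list of internal addresses, catches a shared recipient list before a full customer send.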
The blog post further explained that since the team was short on time,