Compromised accounts have been traced using email addresses exposed in the recent BitMEX leak. An already-known email address was allegedly used to work out login credentials and gain access to less secure accounts.
Leaked Emails Already Tested for Weak or Repeated Passwords
Comments on social media suggest that the leaked email list is also being circulated on hacking forums and darknet sites. Phishing and other forms of fraud may be attempted on these accounts, as BitMEX has warned.
“If you are concerned about your personal exposure, on BitMEX or on any other platform, the best thing you can do is to enable Two-Factor Authentication on all critical services,” warned the BitMEX letter of apology.
BitMEX users who use the same password for multiple accounts could get into serious trouble: with the email address now known, previous leaks could make it very easy for hackers to gain entry into a new account associated with the same user. The exact scale of the problem is uncertain, though individual users complain of having their BitMEX accounts compromised.
3 days ago had my Bittex, Kraken & Bitmex accounts all hacked at same time. Passwords all changed. Despite all having GA 2fa. Nothing lost, but security on all 3 self evidentially shit. Beware the gate keepers – the fuckers are asleep, drunk or just left the door open
— @BitCon (@BitCon13) November 1, 2019
Another user reports a hack even with 2FA enabled:
I’ve been hacked. Someone had successfully logged into my Bitmex account even with 2FA enabled? Avoiding this like a plague until you get this sorted and resolved.
— Michael McLaughlan (@MichaelStoil) November 1, 2019
While the leak itself does not expose highly sensitive information (an email address can be made public), the connection to a specific exchange and the prospect of hacking a valuable account may appear lucrative and extremely appealing to hackers.