Earlier today, Nov. 1, BitMEX accidentally disclosed its customers' email addresses to the rest of the world. This came out when BitMEX sent out an email update about its revamped indices weights system, and the recipients realized that they could see the email addresses of other people to whom the update was sent. It appears that the email addresses were placed in the carbon copy (CC) field rather than the blind carbon copy (BCC) field.
Once it became aware of the incident, BitMEX issued an official statement on its website, saying that it was doing everything it could to assess the damage this mishap may have caused. Many influencers recommended on Twitter that others should also change the email addresses and passwords associated with their accounts and enable 2-factor authentication, as their BitMEX accounts may now be compromised. Meanwhile, Twitter user TheCrypt0Mask has been searching through the email database, claiming that he found about 200 passwords from earlier hacks on other platforms.
The exchange has, on average, about 22 thousand daily users, so the public did not take the potentially massive privacy breach lightly. Shortly after the news of the incident came out, the BitMEX Twitter account was taken over, with hackers tweeting "Take your BTC and run. Last day for withdrawals," followed by a terse "Hacked."
Another Twitter account claimed that it had access to hundreds of thousands of customer records, including people who are well known in the cryptocurrency realm, and started posting their names and addresses, some of which have since been checked and confirmed to be real.
The exchange quickly responded to the hack by disabling withdrawals for customers who did not have 2FA enabled and reassuring its users that, "while the trolls may target our Twitter account, you may rest assured that all funds are safe."