BitMex leaked emails and people are matching them with password databases

This morning, BitMex doxxed around 30,000 users' emails by forgetting to hide them while sending messages en masse. There are two reasons that this could end up very bad for those doxxed.

The dox will help U.S. regulators go after BitMex

One is that certain countries are restricted from using BitMex, and apparently many people are using their first and last name to sign up on BitMex. U.S. regulators mostly care about BitMex providing access to citizens, and not citizens using the site, but some people might still not want their names associated with a site that’s supposed to be anonymous.

This can also be used as evidence against BitMex, which historically hasn’t made its user base public. Regulators are already investigating BitMex regarding allowing U.S. users on their site, and this will almost definitely be used against them. BitMex is currently located in Hong Kong, not under U.S. jurisdiction, so they likely have not been forced to give information to U.S. authorities.

It’s easy to match BitMex e-mails with already leaked password databases 

Everyone knows that emails and passwords are sold on the dark web. It’s relevant here because it can be pretty easy for someone who has such a database to match the emails leaked by BitMex against the ones they already own. This means that if someone uses the same password for everything, including their BitMex account, it would grant people with those databases access to their BitMex account and funds.

If someone is able to access a BitMex account this way, they will only be able to change the password if they can also access the email associated with it. Luckily, BitMex only allows withdrawals once per day, and that already happened at 8 a.m. central time.

As long as people aren’t using the same password for their e-mail and BitMex account, they have until 8 a.m. to secure their account and funds.