from Hacker News

BitMEX leaks 20k customer emails

by rontoes on 11/4/19, 8:26 PM with 2 comments

  • by emrehan on 11/5/19, 5:18 AM

    In summary, the programmer building their batch email post tool didn’t know about the implications of adding the addresses in the TO field instead of the BCC field. They should have known about this though, as almost anyone that uses email knows.

    One shouldn’t program something before learning how to do that thing probably manually.

    BitMEX has many issues, I guess, that are downplayed here:

    * They underestimated the importance of proper email usage.

    * This functionality has been tasked to a programmer without enough knowledge on the subject.

    * The code has not been tested / reviewed or reviewed competently

        * ... at the time of merge.
    
        * ... after it has been used in production.
  • by malux85 on 11/5/19, 8:16 AM

    What kind of rinky-dink operation are they running?

    - An old tool not used since 2017

    - Had been many changes since then

    - Not put through QA process

    Who OK'd this?
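
As an added example (not code from BitMEX or from either commenter), the TO-field mistake described in the first comment is shown here in Python beside a per-recipient build, with a pre-send check that blocks any message whose headers expose more than one address. The function names, sender and customer addresses are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

SENDER = "notices@example.com"  # constructed sample address


def build_leaky(recipients, subject, body):
    """The mistake described above: every address goes into one To header."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return [msg]


def build_per_recipient(recipients, subject, body):
    """One message per customer, so each copy names only its own recipient."""
    batch = []
    for rcpt in recipients:
        msg = EmailMessage()
        msg["From"] = SENDER
        msg["To"] = rcpt
        msg["Subject"] = subject
        msg.set_content(body)
        batch.append(msg)
    return batch


def exposed_addresses(msg):
    """Addresses that any recipient of this message can read in its headers."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr for _name, addr in getaddresses([str(h) for h in headers]) if addr]


def check_batch(batch, max_visible=1):
    """Pre-send gate: return the messages exposing more than max_visible addresses."""
    return [m for m in batch if len(exposed_addresses(m)) > max_visible]


if __name__ == "__main__":
    customers = ["a@example.org", "b@example.org", "c@example.org"]  # constructed
    for builder in (build_leaky, build_per_recipient):
        bad = check_batch(builder(customers, "Index update", "Hello"))
        print(builder.__name__, "blocked" if bad else "ok to send")
```

A gate like `check_batch` can run in the mailer's test suite and again immediately before the send loop, so a tool that has not been exercised for a long time still fails closed.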