An error in the code of the Internal BitMEX Bitcoin Exchange system for mass emails has resulted in the disclosure of user email addresses. Other personal data was not disclosed.
On Friday, November 1, the majority of users of the site received a letter notifying them of changes in the calculation of indexes for pricing derivative products. However, in the field To: the exchange disclosed the addresses of other recipients.

The distribution was carried out in packs of 1000 people each. Accordingly, each letter disclosed 1000 addresses.

Some users received correct notifications without compromising the data or did not receive the letter at all.

After the incident, the security service identified several accounts carrying out suspicious activity. Their owners had to change their passwords and in some cases pass an additional check in the support service.

The exchange almost immediately closed the withdrawal for accounts:

without two-factor authentication;
Withdrawals after address compromising;
Withdrawals to previously unknown Bitcoin addresses;
incoming from previously unknown IP addresses.
BitMEX urged all users to install 2FA on their mail and stock account.

Representatives of the organization also explained that shortly after the incident, an unknown person took control of the Twitter-page of the exchange for six minutes.
Source https://cryptorolling.com/bitmex-explained-the-causes-and-consequences-of-the-data-leakage-incident/