Australian Crypto Exchange Exposes Personal Data of 270K Users

BTC Markets, one of Australia's biggest cryptocurrency exchanges, has accidentally exposed users' data, raising the risk of phishing attacks.

Dec 2, 2020 at 8:54 a.m. UTC
Updated Sep 14, 2021 at 10:37 a.m. UTC

BTC Markets, one of Australia's biggest cryptocurrency exchanges, has accidentally exposed users' personal data, raising the risk of phishing attacks.

As reported by Business Insider Australia on Wednesday, the exchange revealed the names and email addresses of over 270,000 users when it sent out mass emails. The error saw names and addresses placed in the "to" section rather than individually addressing each recipient or using blind carbon copy.

The emails were sent out in batches of 1,000 recipients and meaning the exposure to a bad actor was limited to the data of 999 individuals per email.

However, "all account holders were affected." BTC Market's CEO Caroline Bowler said in a tweet "The email was sent in batches, rather than in bulk."

Once initiated, the emails could not be stopped even after the error was noticed, according to the report.

While no passwords or financial data were included in the breach, email addresses can be used for targeted phishing campaigns, since the attackers know the individuals affected have cryptocurrency accounts.

The error highlights the risks that centralized exchanges can pose when it comes to user's data and privacy.

According to Business Insider, BTC Markets will report the breach to the Office of the Australian Information Commissioner, undertake an internal review and work to increase its security.

CoinDesk reached out to BTC Markets for comment, but did not receive a reply by press time.

The Festival for the Decentralized World
Thursday - Sunday, June 9-12, 2022
Austin, Texas
Save a Seat Now

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Trending

1
CoinDesk - Unknown
Amid Market Downturn, ‘Goblintown’ NFTs Have Their Moment

The goblin-themed PFP collection did over $7 million in sales volume this weekend, fueled by rumors a larger team could be behind the scenes.

The goblin-themed PFP collection did over $7 million in sales volume this weekend, fueled by rumors a larger team could be behind the scenes.

CoinDesk - Unknown
2
CoinDesk - Unknown
Crypto Funds Shrink to Lowest Since 2021 Summer Bear Market

Investors pulled out some $143 million from digital asset funds as confidence in crypto is flailing.

Investors pulled out some $143 million from digital asset funds as confidence in crypto is flailing.

CoinDesk - Unknown
3
CoinDesk - Unknown
How the Metaverse Could Be a Game-Changer for NFT Gaming

Rather than letting players port weapons or powers between games, non-fungible tokens will more likely serve as building blocks for new games and virtual worlds. This piece is part of CoinDesk's Metaverse Week.

Rather than letting players port weapons or powers between games, non-fungible tokens will more likely serve as building blocks for new games and virtual worlds. This piece is part of CoinDesk's Metaverse Week.

CoinDesk - Unknown
4
CoinDesk - Unknown
Arthur Hayes, ex CEO de BitMEX, es sentenciado a 2 años de libertad condicional

Hayes se declaró culpable de un cargo de violación de la Ley de Secreto Bancario (BSA) en febrero y enfrentó una sentencia de hasta 12 meses de prisión.

Hayes se declaró culpable de un cargo de violación de la Ley de Secreto Bancario (BSA) en febrero y enfrentó una sentencia de hasta 12 meses de prisión.

CoinDesk - Unknown