BTC Markets, one of Australia's biggest cryptocurrency exchanges, has accidentally exposed users' personal data, raising the risk of phishing attacks.
As reported by Business Insider Australiahttps://www.businessinsider.com.au/btc-market-cryptocurrency-privacy-breach-2020-12 on Wednesday, the exchange revealed the names and email addresses of over 270,000 users when it sent out mass emails. The error saw names and addresses placed in the "to" section rather than individually addressing each recipient or using blind carbon copy.
The emails were sent out in batches of 1,000 recipients and meaning the exposure to a bad actor was limited to the data of 999 individuals per email.
However, "all account holders were affected." BTC Market's CEO Caroline Bowler said in a tweet "The email was sent in batches, rather than in bulk."
Once initiated, the emails could not be stopped even after the error was noticed, according to the report.
While no passwords or financial data were included in the breach, email addresses can be used for targeted phishing campaigns, since the attackers know the individuals affected have cryptocurrency accounts.
The error highlights the risks that centralized exchanges can pose when it comes to user's data and privacy.
According to Business Insider, BTC Markets will report the breach to the Office of the Australian Information Commissioner, undertake an internal review and work to increase its security.
CoinDesk reached out to BTC Markets for comment, but did not receive a reply by press time.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.