BTC Markets, one of Australia’s leading cryptocurrency exchanges, has accidentally exposed users’ private data, raising the danger of phishing attacks.
According to a recent report by Business Insider Australia on Wednesday, the exchange revealed the names & email addresses of over 270k users when it sent out mass emails. The error saw names and addresses placed within the “to” section instead of individually addressing each recipient or using blind carbon copy.
The emails were sent out at batches of 1k recipients and meaning the exposure to a nasty actor was limited to the info of 999 individuals per email.
Moreover, “all account holders were affected.” BTC Market’s CEO Caroline Bowler added within a tweet “The email was sent in batches, instead of in bulk.”
Once initiated, the emails couldn’t be stopped even after the error was noticed, consistent with the report.
While no passwords or financial data were included within the breach, email addresses are often used for targeted phishing campaigns, since the attackers know the individuals affected have cryptocurrency accounts.
The error highlights the risks that centralized exchanges can pose when it involves user’s data & privacy.
In line with Business Insider, Bitcoin [BTC] Markets will report the breach to the Office of the Australian Information Commissioner, undertake an indoor review, and work to extend its security.