Australian Crypto Exchange Exposes Personal Data of 270K Users

2 December 2020

BTC Markets, one of Australia’s biggest cryptocurrency exchanges, has accidentally exposed users’ personal data, raising the risk of phishing attacks.

As reported by Business Insider Australia on Wednesday, the exchange revealed the names and email addresses of over 270,000 users when it sent out mass emails. The error saw names and addresses placed in the “to” section rather than individually addressing each recipient or using blind carbon copy.

The emails were sent out in batches of 1,000 recipients and meaning the exposure to a bad actor was limited to the data of 999 individuals per email.

However, “all account holders were affected.” BTC Market’s CEO Caroline Bowler said in a tweet “The email was sent in batches, rather than in bulk.”

Once initiated, the emails could not be stopped even after the error was noticed, according to the report.

While no passwords or financial data were included in the breach, email addresses can be used for targeted phishing campaigns, since the attackers know the individuals affected have cryptocurrency accounts.

The error highlights the risks that centralized exchanges can pose when it comes to user’s data and privacy.

See also: Crypto Exchange Liquid Says User Data Possibly Exposed in Security Breach

According to Business Insider, BTC Markets will report the breach to the Office of the Australian Information Commissioner, undertake an internal review and work to increase its security.

CoinDesk reached out to BTC Markets for comment, but did not receive a reply by press time.

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.