Australian Crypto Exchange BTC Markets Accidentally Exposes 270,000 Customer Names and Emails
BTC Markets, the largest cryptocurrency exchange in Australia, is reported to have mistakenly exposed over 270,000 of its customers’ email addresses and names. The crypto exchange gave a statement admitting the firm had breached the privacy of its customers and apologized for the situation.
BTC Markets tweeted:
“The company exposed client names and email addresses. This is a deeply regrettable situation and we apologize wholeheartedly for it.”
Caroline Bowler, BTC Markets CEO, also tweeted acknowledging that the unfortunate incident had affected all of the exchange's users.
BTC Markets said the firm uses an external email system to send out updates to its customers. On Tuesday morning December 2, the company started sending out emails to customers, making an announcement of the listing of Tether Stablecoins as well as the support for Spark airdrop program. The exchange sent out emails in batches of customers at a time, adding 1,000 addresses for each text message instead of using blind carbon copy or sending each email individually. This implied that each user obtained the company’s email with details (names and addresses) of other customers.
The crypto exchange stated that their batch sends happened rapidly, meaning that once they initiated the sending out, they could not stop it even after they noticed the error.
The data breach put the privacy of the customers at risk. Although no financial data or passwords were included in the breach, anyone with the customers’ email addresses could use such information for targeted phishing campaigns because the malicious actors can know that individuals affected have cryptocurrency accounts.
The company mentioned that they would report the data breach incident to the Office of the Australian Information Commissioner, as well as conducting an internal review and setting up security measures around customers’ details.
Moreover, the exchange directly contacted all their customers informing them about the incident and also advising them to use two-factor authentication for their BTC Markets accounts. However, not all customers are happy with the response of the firm as several users posted to social medial platforms to complain about the breach.
Phishing Scams Target Cryptocurrency Companies
Phishing attacks continue playing a major role in the digital threat landscape. Cyber attackers normally target users’ login credentials, company data, financial information (like bank accounts or credit cards), and anything that could be of value to execute phishing scams. Of course, cryptocurrency companies have become at risk of phishing attacks because of their financial strength and opportunity for bad actors to find loopholes in their security systems.
BTC Markets is not the first crypto company to have done the above mistake. Last year, BitMEX cryptocurrency exchange also exposed thousands of its users’ email addresses by doing the same mistake, a blunder that could be used for phishing attacks.
Image source: Shutterstock