Australia's BTC Markets Accidentally Discloses User Information

Australia's largest cryptocurrency exchange, Melbourne-based BTC Markets, accidentally exposed the e-mails and names of more or less all its customers.

The accident took place after e-mail blast sending went wrong. The user e-mails and names were sent out in batches of 1000, but essentially all users had their e-mails exposed in different batches. The Australian cryptocurrency exchange has upwards of 270 thousand customers.

BTC Markets made a Facebook post, explaining that they use external tools to handle their client-wide e-mails and there have been no issues with those tools before. This time, the internal testing protocols did not successfully pick up the fact that e-mails in the batch were not being sent individually but were rather all bundled in the same e-mail.

It seems those batches of 1000 e-mails each were sent in rapid-fire mode and the company explained that they could do nothing to stop the process once they figured out what was wrong.

Thankfully, no passwords were exposed in any format in the accident.

BTC Markets urged its users to immediately activate two-factor authentication on their accounts in case they had not done this already. While this might be some consolation, this does not cancel out the fact that personal information such as real names and e-mails was exposed.

The e-mail addresses, especially when backed up by real names, could be used for malicious purposes such as phishing campaigns that will be given an extra layer of credibility thanks to the real names that accompany the addresses.

There are a large number of disgruntled comments below BTC Markets' Facebook post about the issue, with people worrying about doxing and identity theft and users concerned about their main e-mail address they use for a number of other platforms being exposed.

December 8, 2020