BTC Markets leaks 270,000 user names and addresses

Getting your Trinity Audio player ready...

BTC Markets, an Australian digital currency exchange, accidentally leaked 270,000 of their users’ names and email addresses. 

According to BTC Markets official announcement,

BTC Markets uses an external system to send client-wide emails. We have used this system without incident for a number of years. Our usual process is to also send test emails. However, today our testing didn’t pick up that the sample email addresses in the batch were added to the same email, rather than sent individually. In this case, the batch sizes were under 1,000 email addresses. Account-holders had their name and email address exposed. The process took place very quickly, therefore it was not possible to stop the batch send once the error was realised.

BTC Markets is advising its users to enable 2-FA, change their passwords, and change the email address they have connected to their account. 

The next steps for the BTC Markets team are to self-report this incident to the Office of Australian Information Commissioner and comply with the data breach reporting requirements.

BitMex made this same mistake

In June 2019, BitMEX made this same mistake, accidentally revealing all of the recipients of a mass email’s names and email addresses; and earlier this year, digital currency hardware wallet manufacturer Ledger experienced a data breach that resulted in 1 million customer email addresses and other identification information being stolen.

When a digital currency service provider leaks customer information or has user information stolen from them in a breach, users should be on the lookout and stay cautious of phishing attacks. When customer information is revealed, it is very easy for an illicit actor to capitalize on the customer information in their possession and impersonate the service provider to solicit for even more personal identification information that may eventually lead to them stealing customer funds or accessing the customer’s bank account.