BTC Markets, which is said to be one of Australia’s largest crypto exchanges, has exposed the names and email addresses of all its users on blast emails sent to its clients on Tuesday.
The exchange claims to have more than 270,000 crypto traders on-board, and all of their private data are now exposed, raising the threat of attacks on individual accounts.
Hi Scott. All account holders were affected. The email was sent in batches, rather than in bulk. Hence why your two addresses were in two groups.
— Caroline Bowler (@CaroBowler) December 1, 2020
The mishap happened as the company sent promotional emails to all its clients in batches of 1,000 users, exposing the names and emails of 999 other users.
The threat rises as the crypto exchange uses the email address and password for users’ logins. This process made accounts with lesser privacy settings more vulnerable to exploitation.
Users Should Increase Account Security
In a Facebook post, BTC Markets ‘apologise wholeheartedly’ for the mishap and assured that no password data was exposed.
“The platform remains secure and unaffected by the recent email issue. Our external communication process has no interaction with our internal system and no password data was exposed,” the exchange noted.
“As good practice, to protect your BTC Markets account, we strongly advise all our clients to enable Two Factor Authentication (2FA).”
The exchange further detailed that the mishap happened with an external bulk email sending service it had been using for years.
“The process took place very quickly, therefore, it was not possible to stop the batch send once the error was realised,” the Facebook post added.
As a precautionary measure, BTC Markets will report the incident to the Office of Australian Information Commissioner, complying with the local data breach compliance measures.
“In addition, there will be an internal review and additional rigour placed around data security and training,” the exchange noted.
