Australian cryptocurrency exchange BTC Markets—which claims to be the largest in the country—has leaked the names and email addresses of over 270,000 of its customers via a marketing campaign, Business Insider Australia reported today.
BTC Markets Tether Listing & Spark token Update. Everyone’s name and email address pic.twitter.com/x2U4FnZMoR
— Stevosxrp.crypto (@Stevo36787477) December 1, 2020
On Tuesday, the exchange began sending out emails to users, announcing the listing of Tether stablecoins and support for the Spark airdrop. However, instead of sending each email individually or using blind carbon copy, BTC Markets sent out its updates to whole batches of users at a time, putting 1,000 addresses on each message.
As a result, each user who received the exchange’s email could also easily see the addresses and names of the other 999 recipients in the “To:” field.
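A pre-send check for this failure mode, as an added example that is not BTC Markets' code: it builds the same announcement once with a shared "To:" header and once per customer, then blocks any message whose To/Cc headers show more than one address. The sender address, customer list and function names are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import formataddr

SENDER = "announcements@exchange.example"  # constructed placeholder address
CUSTOMERS = [  # constructed sample data
    ("Alice Example", "alice@customer.example"),
    ("Bob Example", "bob@customer.example"),
    ("Carol Example", "carol@customer.example"),
]

def _message(to_header, subject, body):
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = SENDER, to_header, subject
    msg.set_content(body)
    return msg

def build_shared_to(customers, subject, body):
    """The failure mode: one message per batch, every address in To:."""
    to_header = ", ".join(formataddr(c) for c in customers)
    return [(_message(to_header, subject, body), [a for _, a in customers])]

def build_individual(customers, subject, body):
    """One message per customer; the only visible address is their own."""
    return [(_message(formataddr(c), subject, body), [c[1]]) for c in customers]

def visible_recipients(msg):
    """Addresses any reader of the message can see (To and Cc headers)."""
    seen = set()
    for field in ("To", "Cc"):
        for header in msg.get_all(field, []):
            seen.update(a.addr_spec.lower() for a in header.addresses)
    return seen

def release_gate(outbox, max_visible=1):
    """Return the reasons to block the send; an empty list means release."""
    problems = []
    for i, (msg, envelope) in enumerate(outbox):
        seen = visible_recipients(msg)
        if len(seen) > max_visible:
            problems.append(f"message {i}: {len(seen)} addresses visible in To/Cc")
        # A header address missing from the SMTP envelope is shown to a stranger.
        for addr in sorted(seen - {a.lower() for a in envelope}):
            problems.append(f"message {i}: {addr} visible but not a recipient")
    return problems

if __name__ == "__main__":
    for build in (build_shared_to, build_individual):
        print(build.__name__, release_gate(build(CUSTOMERS, "Update", "Hello")))
```

Each outbox entry pairs the message with its SMTP envelope recipients, so a blind-carbon-copy send (many envelope recipients, none of them in the headers) also passes the gate.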
Hi Scott. All account holders were affected. The email was sent in batches, rather than in bulk. Hence why your two addresses were in two groups.
— Caroline Bowler (@CaroBowler) December 1, 2020
BTC Markets CEO Caroline Bowler also confirmed that “All account holders were affected” and that “The email was sent in batches, rather than in bulk.”
It’s worth mentioning that since email services usually display whatever names people used when they registered their email accounts, BTC Markets’ messages might have contained some pseudonyms—rather than real names—as well.
However, the biggest issue here is the email addresses themselves, since BTC Markets also uses them as logins on the platform. This means that malicious actors can now easily compile a comprehensive database of BTC Markets users’ email addresses and use this data in phishing campaigns.
Earlier today, an announcement from BTC Markets exposed client names and email addresses. This is a deeply regrettable situation and we apologise wholeheartedly for it.
— BTC Markets (@BTCMarkets) December 1, 2020
Per the report, BTC Markets addressed the issue and stated that when the leak was discovered, the platform ostensibly couldn’t stop the emails from being sent due to the high speed at which they were distributed.
“Earlier today, an announcement from BTC Markets exposed client names and email addresses. This is a deeply regrettable situation and we apologise wholeheartedly for it,” the exchange tweeted yesterday.
Unsurprisingly, users are not happy at all after the leak was discovered.
“If they cannot be trusted with a technology as old as email, how can they be trusted with crypto, let alone KYC [know-your-customer] information,” one Redditor summarized.
This isn’t the first time a crypto company has made this mistake. In November 2019, crypto exchange BitMEX exposed thousands of its customers’ details by doing the exact same thing.