One of the main selling points of cryptocurrencies is that they are designed to offer their users privacy or even complete anonymity. But not even the cleverest creators can completely thwart human error.
Early on Tuesday morning, an Australian cryptocurrency exchange that bills itself as the largest in the country inadvertently exposed more than 270,000 of its members names and email addresses.
Users posted to social platforms like Twitter and Reddit to complain about the breach.
BTC Markets issued a statement acknowledging that the company had breached the privacy of its customers and apologised for the situation.
“Earlier today, an announcement from BTC Markets exposed client names and email addresses. This is a deeply regrettable situation and we apologise wholeheartedly for it,” the company tweeted on Tuesday evening.
The company stressed that the breach did not affect their exchange, nor were there passwords exposed in the breach. The company’s CEO Caroline Bowler said in a tweet that all of its customers were affected.
According to the BTC Markets, the company uses an external email system to send out updates to its customers.
In the process of sending out correspondence, the company’s customers’ names and emails were included in the ‘to’ section of emails, rather than being blind carbon copied or individually addressed.
The emails were batch limited to 1000 recipients, meaning that each individual only received an email with the details of up to 999 other customers rather than the full list.
The company said their batch sends occur rapidly, meaning that once they noticed they were unable to stop it from sending out.
The privacy breach threatens the security of the BTC Markets user base. The exchange uses a user’s email address as their login. Further, anyone with a list of users could use that information to guide phishing attempts.
BTC Markets said they will report the breach to the Office of the Australian Information Commissioner, conduct and internal review and step up the security measures around user’s details.
The company also advised its users to use two-factor authentication for their BTC Markets account to secure their accounts, and directly contacted all their users to inform them of the breach.
Still, not all their customers were happy with the company’s response.
“BTC Markets name is now as good as dog shit,” one social media user mused.
This story was originally published on Business Insider Australia.