BTC Markets, marketed as Australia’s largest cryptocurrency exchange, exposed the names and email addresses of an unknown number of customers on Tuesday afternoon after a mistake in a batch email send went undetected.
The company “apologised wholeheartedly” for the error and “strongly advised” customers that did not have two-factor authentication on their accounts already to enable it.
BTC Markets’ standard login screen uses a customer’s email address as the username.
Customers of the exchange immediately expressed concern that the exposure amounted to a list of usernames that could open those with weak account security settings to potential compromise.
It wasn’t clear just how many names and email addresses were exposed.
BTC Markets said it was doing an email blast in batches of “under 1000” emails – a likely send limit imposed by its third-party email service provider.
“[We] use an external system to send client-wide emails,” BTC Markets said in a Facebook post.
“We have used this system without incident for a number of years.
“Our usual process is to also send test emails.
“However, today our testing didn’t pick up that the sample email addresses in the batch were added to the same email, rather than sent individually.”
BTC Markets said the batched sends occurred in quick succession and therefore could not be stopped when the error was noticed.
“The process took place very quickly, therefore it was not possible to stop the batch send once the error was realised,” the company said.
BTC Markets said its exchange platform “remains secure and unaffected”.
“Our external communication process has no interaction with our internal system and no password data was exposed,” it said.
The company added that it would self-report the incident to the Office of Australian Information Commissioner (OAIC) “and fully comply with the data breach reporting requirements” in Australia.
“In addition, there will be an internal review and additional rigour placed around data security and training,” the company added.
BTC Markets claims to have “over 270,000” customers “who’ve traded over $10.5bn” on the exchange.