Major Australian cryptocurrency exchange BTC Markets accidentally exposed the full name and email addresses of all of its customers in a marketing email sent to each affected individual on Dec. 1.
The emails were sent in batches of 1,000, meaning that each customer was sent the name and email address of 999 other users.
BTC Markets is in the process of reporting the incident to the Office of the Australian Information Commissioner, with Bowler noting the exchange will be “taking guidance from the OAIC” on how to respond to the breach moving forward.
Speaking to Cointelegraph, BTC Markets CEO Caroline Bowler expressed the company’s “heartfelt apologies” for the incident, emphasizing that the exchange’s executives are now working around the clock to minimize the repercussions of the breach and to implement “additional security features” to prevent future information leaks.
Bowler recommended BTC Markets customers to ensure two-factor authentication is enabled to protect their account, and to change the password to their email account.
She also urged users to be wary of unauthorized attempts to access their email accounts and of phishing scams purporting to be from BTC Markets. She recommended users double-check that emails appearing to be from BTC Markets are actually from addresses ending in “@btcmarkets.net.”
Bowler noted that the breach has not impacted the security of the exchange itself, and that no personal data aside from full names and email addresses was leaked through the email.
The promotional email was issued to announce that BTC Markets will list pairings for USDT from Dec. 3, in addition to supporting Flare Network’s Spark token airdrop on Dec. 12.
While BTC Markets will still proceed with the Tether listing and Spark airdrop, Bowler highlighted that the immediate focus of the exchange is on managing the data leak.
It was a case of bad timing for Bowler, who yesterday announced she had joined local industry body Blockchain Australia as a board member.