Bitcoin Forum
November 16, 2024, 05:14:17 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Australia’s crypto exchange, BTC Markets data breach  (Read 77 times)
Charles-Tim (OP)
Legendary
*
Offline Offline

Activity: 1736
Merit: 5218


Leading Crypto Sports Betting & Casino Platform


View Profile
December 02, 2020, 01:07:28 PM
Last edit: December 02, 2020, 01:21:46 PM by Charles-Tim
Merited by DdmrDdmr (1)
 #1

Early on Tuesday morning, an Australian cryptocurrency exchange (BTC Markets) that bills itself as the largest in the country inadvertently exposed more than 270,000 of its members names and email addresses. BTC Markets issued a statement acknowledging that the company had breached the privacy of its customers and apologised for the situation. “Earlier today, an announcement from BTC Markets exposed client names and email addresses.

According to the BTC Markets, the company uses an external email system to send out updates to its customers. In the process of sending out correspondence, the company’s customers’ names and emails were included in the ‘to’ section of emails, rather than being blind carbon copied or individually addressed.

The privacy breach threatens the security of the BTC Markets user base. The exchange uses a user’s email address as their login. Further, anyone with a list of users could use that information to guide phishing attempts.

https://www.businessinsider.com.au/btc-market-cryptocurrency-privacy-breach-2020-12

Although, it was reported that the exchange was not affected but possibly this data breach might lead or might have led to phishing attacks or attempts on the exchange users, what about people that did not make use of 2fa? Their accounts are vulnerable at that moment. It is good to make use of 2fa which could have helped some people. But, the best advice is to never leave your funds/bitcoin on exchanges because they are not secure and safe by design.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
December 02, 2020, 01:12:46 PM
 #2

This is the same as what happened with bitmex..

I'm guessing this wasn't a hack either, and likely an employee "mistake".

Anyway there will be a large list going round now from both of those attacks (I imagine) and this one looks to have hit all users rather than the bitmex one just being for Newsletter followers.

If you're a member of that exchange it's pribably a good idea just to add anything you don't recognise to your spam folder and not to open, enable images, download anything or click links in it.
Coyster
Legendary
*
Offline Offline

Activity: 2212
Merit: 1313


Playbet.io - Crypto Casino and Sportsbook


View Profile
December 02, 2020, 01:17:45 PM
 #3

According to the BTC Markets, the company uses an external email system to send out updates to its customers. In the process of sending out correspondence, the company’s customers’ names and emails were included in the ‘to’ section of emails, rather than being blind carbon copied or individually addressed.
Imo this is a somewhat very silly mistake, that could later, sometime 'down the road' cost someone their funds, I think this exchange should know better to avoid such mistakes, that's the thing with centralized establishments in crypto, you can't entirely trust them, that's why you should always remember to be your own bank and store your funds either in a hw wallet or in a wallet that you alone have the private keys, and never on an exchange.

Having said that, if you use that exchange, avoid clicking random links even if they look legit and verify any information or message you receive going forward, and mind you that despite the fact that this data is already in the black market, the phishing attempts may not start immediately, it could be after many months, so don't only stay vigilant for a while, but always be.

███████████████
█████████████████████
██████▄▄███████████████
██████▐████▄▄████████████
██████▐██▀▀▀██▄▄█████████
████████▌█████▀██▄▄██████
██████████████████▌█████
█████████████▀▄██▀▀██████
██████▐██▄▄█▌███████████
██████▐████▀█████████████
██████▀▀███████████████
█████████████████████
███████████████

.... ..Playbet.io..Casino & Sportsbook.....Grab up to  BTC + 800 Free Spins........
████████████████████████████████████████
██████████████████████████████████████████████
██████▄▄████████████████████████████████████████
██████▐████▄▄█████████████████████████████████████
██████▐██▀▀▀██▄▄██████████████████████████████████
████████▌█████▀██▄▄█████▄███▄███▄███▄█████████████
██████████████████▌████▀░░██▌██▄▄▄██████████████
█████████████▀▄██▀▀█████▄░░██▌██▄░░▄▄████▄███████
██████▐██▄▄█▌██████████▀███▀███▀███▀███▀█████████
██████▐████▀██████████████████████████████████████
██████▀▀████████████████████████████████████████
██████████████████████████████████████████████
████████████████████████████████████████
Becky666
Full Member
***
Offline Offline

Activity: 756
Merit: 231



View Profile WWW
December 02, 2020, 01:27:28 PM
 #4

That was a blunder error committed by that mails sender. They should as a matter of urgency notify their esteem customers to immediately implement 2fa in their account as there might be something big fishing under the exchange soon. Things like this shouldn't be handle with levity, becasue it may lead to a huge data breach when these information fall into the wrong hands. IMHO, the sender of these mails should be held responsible becasue he/she gave the room for the hackers to respond.

███████ ███████     R O L L B I T           The Social & Provably Fair Crypto Casino           [ PLAY NOW ]     ███████ ███████
/  SLOTS     /  GAME SHOW     /  LIVE CASINO     /  ROULETTE     /  BLACKJACK
|          Twitter          |        ♠   Instant Deposits & Withdrawals   -   Live Customer Support   -   Rakeback & Level Up Bonuses   ♠      |          Discord          |
Charles-Tim (OP)
Legendary
*
Offline Offline

Activity: 1736
Merit: 5218


Leading Crypto Sports Betting & Casino Platform


View Profile
December 02, 2020, 01:33:04 PM
 #5

That was a blunder error committed by that mails sender. They should as a matter of urgency notify their esteem customers to immediately implement 2fa in their account as there might be something big fishing under the exchange soon. Things like this shouldn't be handle with levity, becasue it may lead to a huge data breach when these information fall into the wrong hands. IMHO, the sender of these mails should be held responsible becasue he/she gave the room for the hackers to respond.
I just did not included it in the news to make my points clearer, the exchange take immediate action which although might not be sufficient enough.

Quote
BTC Markets said they will report the breach to the Office of the Australian Information Commissioner, conduct and internal review and step up the security measures around user’s details.

The company also advised its users to use two-factor authentication for their BTC Markets account to secure their accounts, and directly contacted all their users to inform them of the breach
https://www.businessinsider.com.au/btc-market-cryptocurrency-privacy-breach-2020-12

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
Lucius
Legendary
*
Offline Offline

Activity: 3430
Merit: 6157


Crypto Swap Exchange🈺


View Profile WWW
December 02, 2020, 02:02:36 PM
 #6

This has happened and will continue to happen because people are, as it always turns out, the weakest link in any security chain. Personally, it's silly of me to discuss 2FA in the way that someone advises someone that they should use it - when such things should be mandatory. Although 2FA does not guarantee 100% security of user accounts, it still makes it difficult for hackers to compromise such accounts - and in this case, it would be wiser to completely change the e-mail to prevent anyone from trying to reset the exchange password via e-mail.

Either way, the company's reputation has been irreversibly damaged - and it may be an opportunity for a new market player to attract dissatisfied customers.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
dzungmobile
Sr. Member
****
Offline Offline

Activity: 896
Merit: 453


Playbet.io - Crypto Casino and Sportsbook


View Profile
December 02, 2020, 02:53:30 PM
 #7

Email breach is bad but people will be fine if they have some healthy habits

Use strong password for email.
Have 2FA for email.
Don't click on any link they receive in emails or on any other channels.
Don't use same password for all platforms, all accounts.
Have 2FA is on for their accounts.
Don't store password, 2FA secret code on online storage service.

Personally, I use my secondary email for getting experience on new services, platforms and do it on the computer I don't store my Bitcoin wallet.

███████████████
█████████████████████
██████▄▄███████████████
██████▐████▄▄████████████
██████▐██▀▀▀██▄▄█████████
████████▌█████▀██▄▄██████
██████████████████▌█████
█████████████▀▄██▀▀██████
██████▐██▄▄█▌███████████
██████▐████▀█████████████
██████▀▀███████████████
█████████████████████
███████████████
 
Playbet.io
  
Casino & Sportsbook
  
Grab up to
BTC 
+ 800 Free Spins
████████████████████████████████████████
██████████████████████████████████████████████
██████▄▄████████████████████████████████████████
██████▐████▄▄█████████████████████████████████████
██████▐██▀▀▀██▄▄██████████████████████████████████
████████▌█████▀██▄▄█████▄███▄███▄███▄█████████████
██████████████████▌████▀░░██▌██▄▄▄██████████████
█████████████▀▄██▀▀█████▄░░██▌██▄░░▄▄████▄███████
██████▐██▄▄█▌██████████▀███▀███▀███▀███▀█████████
██████▐████▀██████████████████████████████████████
██████▀▀████████████████████████████████████████
██████████████████████████████████████████████
████████████████████████████████████████
GrinZ
Legendary
*
Offline Offline

Activity: 1572
Merit: 1002


View Profile
December 02, 2020, 03:14:24 PM
 #8

It is actually sad that users do not take the necessary security measures and such events occur as a result. Maybe the error is caused by the stock exchange itself, we cannot know that, but it will be difficult to compensate for the loss of reputation.
DdmrDdmr
Legendary
*
Offline Offline

Activity: 2506
Merit: 11062


There are lies, damned lies and statistics. MTwain


View Profile WWW
December 02, 2020, 04:16:37 PM
 #9

<…>
The depicted events in the OP have nothing to do with personal security. The Exchange (or one of it’s hired service providers for email campaign management) screwed-up, and even though they allegedly did run a sample test beforehand, nobody detected de parametrization error (or made the error when switching to the complete file to process, as opposed to the test one). Normally, they will pay tight attention to reviewing the content of the email being generated, but someone missed the information in the actual "sent to" field at some point. Simple yet dramatic error that will end with someone’s balls on a silver platter for sure.

See running conversation: https://twitter.com/BTCMarkets/status/1333667467823116288
kano
Legendary
*
Offline Offline

Activity: 4620
Merit: 1851


Linux since 1997 RedHat 4


View Profile
December 02, 2020, 07:16:31 PM
 #10

On their "Protect Yourself Against Cybercrime" page,
https://www.btcmarkets.net/protect-yourself-online
They forgot to add: "Don't use our web site" ...

Pool: https://kano.is - low 0.5% fee PPLNS 3 Days - Most reliable Solo with ONLY 0.5% fee   Bitcointalk thread: Forum
Discord support invite at https://kano.is/ Majority developer of the ckpool code - k for kano
The ONLY active original developer of cgminer. Original master git: https://github.com/kanoi/cgminer
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!