The US Securities and Exchange Commission has allegedly leaked the personal data of cryptocurrency miners. January 17th Reported by Washington Jury.
Right-wing news outlets said the SEC leaked data during an investigation into Green, a blockchain project building a decentralized power grid. The project’s user base consists of node operators or miners.
The SEC allegedly leaked the names and email addresses of more than 650 individuals by failing to use the blind carbon copy (bcc) field. Presumably, regulators used the carbon copy (cc) field so that all recipients could see all other incoming addresses.
The Washington Examiner has erroneously suggested that this information was sufficient to hack the devices of individuals affected by the leak. This is highly unlikely, as it is intended and only an address that does not have direct access to any account.
Still, if the leak did happen, it would raise privacy concerns and expose those affected to phishing and other targeted scams.
The SEC reportedly told the Washington Examiner that “protecting the privacy of all parties is very important,” and said it was investigating the matter.
The data that was believed to have been leaked does not appear to have been made public, and none of the parties involved have publicly reported the data breach.
This type of data breach is fairly common. Cryptocurrency exchange BitMEX similarly abused the bcc field in 2019, exposing 30,000 email addresses. Other organizations, including government agencies, have been hit with similar leaks in recent years.
