The U.S. Securities and Exchange Commission allegedly leaked the personal data of crypto miners, according to a Jan. 17 report by the Washington Examiner.
The right-wing news outlet said that the SEC leaked that data during its investigation of Green, a blockchain project that is building a decentralized power grid. The project’s user base consists of node operators or miners.
The SEC supposedly leaked names and email addresses belonging to more than 650 individuals by neglecting to use the blind carbon copy (bcc) field. Presumably, the regulator used the carbon copy (cc) field, causing all recipients to see all other receiving addresses.
The Washington Examiner erroneously suggests that this information would be sufficient to hack the devices of the individuals affected by the leak. This is extremely unlikely, as the SEC would only have leaked regular email addresses — addresses that are meant to be publicly shared and which do not provide direct access to any account.
Still, the leak represents a privacy concern if it did in fact occur, and it puts those affected at risk of phishing and other targeted scams.
The SEC reportedly told the Washington Examiner that “protecting the privacy of all parties is critically important” and said that it is looking into the matter.
The supposedly leaked data does not appear to have reached the public, and none of the parties involved have publicly reported any data leak.
This type of data leak is reasonably common. Crypto exchange BitMEX similarly misused the bcc field in 2019, which led to the leak of 30,000 email addresses. Other entities, including government agencies, have also suffered similar leaks in recent years.