2 min read

Bcc blunder leaks details of Silk Road Bitcoin bidders


June 20, 2014

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Bcc blunder leaks details of Silk Road Bitcoin bidders

Could someone please send the US Marshals on an email 101 course?

It’s something you should learn pretty early on in your online life.

If you want to copy someone on an email message, but *don’t* want others on the address list to know, you use the bcc: field.

The “B” in bcc: stands for “blind”, masking that you have sneakily let someone else see what you have sent, without the risk of causing offence to the main recipient. But it can also be used for non-sneaky purposes too.

For instance, if you need to send a message to a list of people but want to respect their privacy, you would add all of the addresses to the bcc: field rather than cc: them.

Everyone should know this, but even if they’re aware – mistakes still happen, as the US Marshals has just demonstrated.

As Coindesk reports, a classic bcc/cc error by the US Marshals Service (USMS) has leaked the email address of everyone interested in the auction of 29,656.51306529 bitcoins confiscated from the Silk Road blackmarket site.

Bidders for the bitcoin haul, which is worth an estimated $18 million, are asked to stump up $200,000 to take part in the auction.

But now, thanks to someone at the USMS putting the list of interested parties in a cc: field rather than a bcc: the details have leaked out.

The USMS apologised for the privacy breach, and emphasised that inclusion on the list did not necessarily indicate that a particular party was bidding for the bitcoins.

“One of the emails that we sent out this morning inadvertently showed a list of some of the individuals who have asked a question or questions about the pending bitcoin auction. We apologize for the error.”

I’m sure that the US Marshals are mortified by their silly blunder, and will learn to be more careful in future. But I can also understand the disgruntlement of those who have had their private email addresses and contact with the USMS over the auction made public.

The auction is due to take place on 27 June, with bidders notified of whether they had been successful by the end of the month. One can only hope that that notification will happen a little more privately…

Of course, the US Marshals are in good company when it comes to making such a blunder.

Past culprits have included the Taliban spokesperson who accidentally leaked his entire mailing list of over 400 contacts, and organisations that you would really hope would know better – like GCHQ and the UK’s.

What’s the biggest email blunder you have ever made? Leave a comment sharing your story, and perhaps you can exorcise your embarrassment once and for all.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like