Bittrex is reportedly leaking users’ passport scans and photographs as KYC emails from customer support contain dire security errors.

As reports a Russian-language news channel on Telegram, users who go through the exchange’s manual KYC verification but are rejected receive an email from customer support.

Along with the private documents the user supplies, the rejection email also contains those of several other rejected users, Kriptach states.

This means, in a grimly ironic blunder, passport details and photographs are being freely shared on the Internet.

“Right now I can see the passport of (someone called) Nurbek and a few others, as well as their selfies,” the channel reports.

“It’s just f*cking terrible.”

If the scan provided by Kriptach is authentic, the practice could have huge ramifications for Bittrex, which is yet to comment on the allegations or substantiate any evidence.

In what appears to be a separate issue, the exchange has been silent on social media since Nov. 30, leading to anger from traders on social media.

Cointelegraph will update this story as it progresses.