A possible data breach is investigated at the UK Bitcoin Exchange CoinCut, which displays sensitive customer data, including passport and data card, publicly.
Last week's visitors were obviously able to access directories that included passports, personal IDs, and credit and debit cards.
The company's spokesman, Dax Chan, said the company was treating the incident as "malicious".
"We are trying to understand how this directory has become visible in the world - and how the problem has leaked so quickly, as we are a relatively small Bitcoin vendor in a huge market," he said, according to CoinDesk.
If he is right, CoinCut customers may be at risk of identity theft or probable follow-up by phishing attacks, as stolen data will leak into cyber-crime "underground crime" and in the hands of online fraudsters.
Robert Hansen, vice-president of WhiteHat Safety, argued that the incident is not unusual.
"I have seen a number of applications that have similar vulnerabilities. It's very common for websites to store sensitive information on publicly accessible web directories, "he added. "It's a trivial attack to create a transverse directory or run the file names to determine what other things may be in the same directory."
He added that it is strange for CoinCut to claim he was surprised by the speed of data leakage.
"Leaks of information from people who want to use a pseudo-anonymous currency are perhaps some of the most valuable items on earth for ghosts, competitors, and the security research community," he said.
Security concerns remain one of the most important barriers to the absolute adoption of Bitcoin, with incidents that serve only to reinforce the second thoughts about crypto-currency.