The leaked file, measuring only 313 kilobytes, includes the names of 5,600 account holders registered with VirusTotal, along with their email addresses and organizations.
In a recent security breach, a file containing the names and email addresses of approximately 5,600 registered users of the popular cybersecurity platform VirusTotal was inadvertently exposed to the public.
The incident, first reported by The STANDARD, an Austrian news outlet, threatens the privacy and safety of employees from prominent intelligence agencies, such as the U.S. National Security Agency (NSA) and German intelligence agencies which were included in the data leak.
The incident should not come as a surprise, as VirusTotal has been in the news for unconfirmed security issues. One such incident occurred in January 2022 when researchers revealed an attack called “VirusTotalHacking.” They claimed to have accessed a trove of stolen credentials on VirusTotal. However, this attack was denied by VirusTotal founder Bernardo Quintero.
VirusTotal, owned by Google and widely used by security researchers, offers a web service for scanning suspicious files and links to detect malware. This incident brings to light the potential consequences of relying on such services without adequate safeguards, especially for intelligence agencies.
The leaked file, measuring only 313 kilobytes, includes the names of 5,600 account holders registered with VirusTotal, along with their email addresses and organizations. Notably, the compromised users consist of 20 accounts linked to the U.S. Cyber Command, as well as users from the U.S. Department of Justice (DoJ), the Federal Bureau of Investigation (FBI), and the NSA. Additionally, the list features official bodies from the Netherlands, Taiwan, and Great Britain.
Further, reportedly, addresses from Austrian organizations, including the Federal Ministry of Defense and the Interior Ministry, are also listed. Notably, the file includes employees from German intelligence agencies, such as the Federal Office for Information Security (BSI), the Federal Criminal Police Office (BKA), the Military Counter-Intelligence Service (MAD), and the Federal Office for Telecommunications Statistics (BFSt).
Additionally, employees from prominent German companies, including Deutsche Bahn, Allianz, BMW, Daimler, and Deutsche Telekom, are also among those affected.
Google, the owner of VirusTotal, has responded to the incident by stating that a VirusTotal employee unintentionally made a portion of customer data accessible. The company promptly removed the list from the platform and is actively working to enhance internal processes and technical controls to prevent similar breaches in the future.
This data leak raises questions about the security measures implemented by VirusTotal and other similar platforms. While these services play a crucial role in detecting malware, they also pose inherent risks, particularly when handling sensitive or classified information. It is essential for individuals and organizations to exercise caution and ensure that appropriate security measures are in place when utilizing such services.
In light of this incident, the affected parties, including intelligence agencies and corporations, should remain vigilant for potential cyber attacks, such as social engineering and targeted phishing attempts. Additionally, users are encouraged to monitor their financial accounts, consider two-factor authentication, and initiate fraud alerts to protect against unauthorized activities.
- Urlscan.io API Inadvertently Leaked Sensitive Data and URLs
- VirusTotal Reveals Apps Most Exploited by Hackers to Spread Malware
- 14 years of jail time for hacker over Scan4You malware scanning service
- Millions impacted – Payment API vulnerabilities exposed transaction keys
- Google funded delivery service Dunzo hacked; 11GB worth of data leaked