VirusTotal Data Leak

Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform.

The security incident, which comprises a database of 5,600 names in a 313KB file, was first disclosed by Der Spiegel and Der Standard yesterday.

Launched in 2004, VirusTotal is a popular service that analyzes suspicious files and URLs to detect types of malware and malicious content using antivirus engines and website scanners. It was acquired by Google in 2012 and became a subsidiary of Google Cloud's Chronicle unit in 2018.

When reached for comment, Google confirmed the leak and said it took immediate steps to remove the data.

"We are aware of the unintentional distribution of a small segment of customer group administrator emails and organization names by one of our employees on the VirusTotal platform," a Google Cloud spokesperson told The Hacker News.


"We removed the list from the platform within an hour of its posting and we are looking at our internal processes and technical controls to improve our operations in the future."

Included among the data are accounts linked to official U.S. bodies such as the Cyber Command, Department of Justice, Federal Bureau of Investigation (FBI), and the National Security Agency (NSA). Other accounts belong to government agencies in Germany, the Netherlands, Taiwan, and the U.K.

Last year, Germany's Federal Office for Information Security (BSI) warned against automatically uploading suspicious email attachments to VirusTotal, noting that doing so could expose sensitive information, since any uploaded file becomes available to the platform's other paying users.
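The BSI warning comes down to a policy question for anyone running automated triage: what is the pipeline allowed to send to a shared scanning service? The following is an added example, not code from The Hacker News, VirusTotal or the BSI, of a pre-submission gate that always computes a SHA-256 first (so a hash lookup can stand in for a content upload), permits a full upload only for executable containers, and holds anything that looks like a contact or customer export for a human decision. The magic-byte list, the email-count threshold, the tabular-shape heuristic and the sample inputs are constructed assumptions for the demonstration.

```python
"""Pre-submission gate for an automated malware-triage pipeline.

Policy (an assumption of this example, not VirusTotal's or the BSI's rule):
  1. Never send file content in the first step: compute SHA-256 so the
     pipeline can query the scanner by hash and nothing sensitive leaves.
  2. Allow a full upload only for executable containers (PE/ELF/Mach-O)
     that carry no sign of being a data export.
  3. Hold anything that looks like a table of email addresses for review.
"""
import csv
import hashlib
import io
import re
from dataclasses import dataclass

# Loose email pattern: enough to recognise a contact list, not a validator.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Magic bytes of formats we are willing to upload in full (assumed policy).
EXECUTABLE_MAGICS = (b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe", b"\xfe\xed\xfa\xcf")

# Below this many distinct addresses a file is tolerated (a lure addressed to
# one mailbox, for instance); at or above it we treat it as a list.
EMAIL_LIST_THRESHOLD = 3


@dataclass
class Decision:
    sha256: str
    action: str   # "lookup_hash_only" | "upload_allowed" | "hold_for_review"
    reason: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def distinct_emails(text: str) -> set:
    return {m.lower() for m in EMAIL_RE.findall(text)}


def looks_like_contact_export(data: bytes) -> bool:
    """Heuristic: UTF-8 text, several distinct emails, and a consistent column count."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    if len(distinct_emails(text)) < EMAIL_LIST_THRESHOLD:
        return False
    try:
        rows = [r for r in csv.reader(io.StringIO(text)) if r]
    except csv.Error:
        return False
    widths = [len(r) for r in rows]
    if not widths:
        return False
    common = max(set(widths), key=widths.count)
    # Tabular if most rows share a width greater than one column.
    return common > 1 and widths.count(common) >= 0.8 * len(widths)


def decide_submission(data: bytes) -> Decision:
    digest = sha256_hex(data)
    if looks_like_contact_export(data):
        return Decision(digest, "hold_for_review", "looks like an email/contact export")
    if data.startswith(EXECUTABLE_MAGICS):
        return Decision(digest, "upload_allowed", "executable container, no PII markers")
    # Default: only the hash leaves the organisation; the content does not.
    return Decision(digest, "lookup_hash_only", "non-executable content, hash lookup only")


# Constructed sample inputs for the demonstration (not data from the incident).
SAMPLE_CONTACT_CSV = b"""group,admin_email,org
alpha,alice@example.org,Example Org
beta,bob@example.net,Example Net
gamma,carol@example.com,Example Com
"""
SAMPLE_PE_STUB = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 200
SAMPLE_NOTE = b"Reminder: the quarterly patch window starts Monday. Ask the SOC on-call."

if __name__ == "__main__":
    for name, blob in [("contacts.csv", SAMPLE_CONTACT_CSV),
                       ("tool.exe", SAMPLE_PE_STUB),
                       ("note.txt", SAMPLE_NOTE)]:
        d = decide_submission(blob)
        print(f"{name}: {d.action} ({d.reason}) sha256={d.sha256[:16]}...")
```

The hash returned in every decision is what the pipeline should query first; only when the lookup comes back empty and the action is `upload_allowed` does content leave the network. A CSV of group administrators, the shape of file at the centre of this incident, is stopped by the export heuristic before any upload is attempted.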


VirusTotal on Friday apologized for the recent customer data exposure incident, stating that it was caused by an employee accidentally uploading a CSV file to the platform on June 29, 2023, that contained information pertaining to its Premium account customers, particularly their names, associated VirusTotal group names, and the email addresses of group administrators.

The Google Chronicle subsidiary said that the file was only accessible to its partners and corporate clients, and that the exposure was the result of human error rather than a cyber attack or a vulnerability in its systems.
