VirusTotal Data Leak Exposes Some Registered Customers’ Details

VirusTotal Data Leak Exposes Some Registered Customers’ Details

Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform.

The security incident, which comprises a database of 5,600 names in a 313KB file, was first disclosed by Der Spiegel and

When reached for comment, Google confirmed the leak and said it took immediate steps to remove the data.

“We are aware of the unintentional distribution of a small segment of customer group administrator emails and organization names by one of our employees on the VirusTotal platform,” a Google Cloud spokesperson told The Hacker News.

“We removed the list from the platform within an hour of its posting and we are looking at our internal processes and technical controls to improve our operations in the future.”

Included among the data are accounts linked to official U.S. bodies such as the Cyber Command, Department of Justice, Federal Bureau of Investigation (FBI), and the National Security Agency (NSA). Other accounts belong to government agencies in Germany, the Netherlands, Taiwan, and the U.K.

Last year, Germany’s Federal Office for Information Security (BSI) warned against automating uploading of suspicious email attachments to VirusTotal, noting that doing so could lead to the exposure of sensitive information.