VirusTotal’s Data Leak: Human Error or System Flaw?


July 21, 2023

On Friday, VirusTotal expressed regret over inadvertently exposing the data of more than 5,600 customers due to an employee erroneously uploading a CSV file with client details to their platform in the previous month.

The exposure affected only Premium account holders, revealing their names and work-related email addresses. VirusTotal’s Head of Product Management, Emiliano Martinez, reassured affected users that the incident was a case of human error rather than a cyber breach or a flaw in VirusTotal’s security.

Only VirusTotal partners and cybersecurity analysts with a Premium account could access the leaked file.

Anonymous and free-account users have no access to the Premium platform and therefore cannot access the exposed file.

Martinez stated on Friday, “On June 29, an employee inadvertently uploaded a CSV file onto the VirusTotal platform. This file included restricted information about our Premium account customers, mainly company names, linked VirusTotal group names, and the email addresses of group admins. The file was taken down within an hour of being posted, and was only accessible to partners and corporate clients.”


German media organisations Der Spiegel and Der Standard were the first to report the incident on Monday. The leaked file, just 313KB, contained account details associated with U.S. government entities such as the Cyber Command, the Department of Justice, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA).


Moreover, the file contained accounts connected to government agencies from Germany, the Netherlands, Taiwan, and the United Kingdom.

According to Der Spiegel, “The list comprises 5,600 names, which include personnel from the US intelligence agency NSA and German intelligence services. A total of twenty accounts are linked directly to the ‘Cyber Command’ of the USA, a division of the US military that serves as the hub for offensive and defensive hacking operations. Entities like the US Department of Justice, the US Federal Police FBI, and the Secret Service NSA are also included.”

The file additionally revealed information about staff members from national authorities in the Netherlands, Taiwan, and the United Kingdom, as well as various German government agencies like the Federal Intelligence Service, the Federal Police, and the Military Counterintelligence Service (MAD).

The leaked file also disclosed data of several employees from Bundesbank, Deutsche Bahn, Allianz, BMW, Mercedes-Benz, and Deutsche Telekom.

Saher Mahmood

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
