On Friday, VirusTotal expressed regret over inadvertently exposing the data of more than 5,600 customers due to an employee erroneously uploading a CSV file with client details to their platform in the previous month.
The information breach impacted solely Premium account holders, exposing their names and work-related email addresses. VirusTotal’s Head of Product Management, Emiliano Martines, reassured affected users that this occurrence was a case of human error rather than a cyber breach or a flaw in VirusTotal’s security.
Only VirusTotal partners and cybersecurity analysts with a Premium account could access the leaked file.
On the other hand, anonymous or free account users lack access to the Premium platform and, therefore, cannot access the exposed file.
Martines stated on Friday, “On June 29, an employee inadvertently uploaded a CSV file onto the VirusTotal platform. This file included restricted information about our Premium account customers, mainly company names, linked VirusTotal group names, and the email addresses of group admins. The file was taken down within an hour of being posted, and was only accessible to partners and corporate clients.”
German media organisations Der Spiegel and Der Standard were the initial ones to disclose the incident on Monday. The leaked file, just 313KB, encompassed account details associated with U.S. official entities such as the Cyber Command, the Department of Justice, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA).
Moreover, the file contained accounts connected to government agencies from Germany, the Netherlands, Taiwan, and the United Kingdom.
According to Der Spiegel, “The list comprises 5,600 names, which include personnel from the US intelligence agency NSA and German intelligence services. A total of twenty accounts are linked directly to the ‘Cyber Command’ of the USA, a division of the US military that serves as the hub for offensive and defensive hacking operations. Entities like the US Department of Justice, the US Federal Police FBI, and the Secret Service NSA are also included.”
The file additionally revealed information about staff members from national authorities in the Netherlands, Taiwan, and the United Kingdom, as well as various German government agencies like the Federal Intelligence Service, the Federal Police, and the Military Counterintelligence Service (MAD).
The leaked file also disclosed data of several employees from Bundesbank, Deutsche Bahn, Allianz, BMW, Mercedes-Benz, and Deutsche Telekom.