VirusTotal, the Google-owned online service used to analyze questionable files and URLs to detect malicious material or malware, has experienced a data leak, exposing the data of 5,600 of its users, including some very high-profile people.
Der Speigel, a German publication, had confirmation from Google that the leaked data includes names and email addresses of employees from various backgrounds, including those from US and German intelligence agencies; official bodies of the Netherlands, Taiwan, and Great Britain; and large, well-known German companies, such as BMW and Mercedes Benz, among others.
VirusTotal is used in a manner where files that are uploaded by users into the interface can contain sensitive data, putting organizations and their data at risk. Though passwords remain concealed, the usernames and email addresses that were leaked in this data breach are enough for threat actors to be able to spear-phish anyone who was affected by the breach.
"We are aware of the unintentional distribution of a small segment of customer group administrator emails and organization names by one of our employees on the VirusTotal platform," a Google Cloud spokesperson told The Hacker News when asked for comments on the data leak. "We removed the list from the platform within an hour of its posting and we are looking at our internal processes and technical controls to improve our operations in the future."