VirusTotal Data Leak Affects 5K+ Users
Some of the users who were impacted include the US Department of Justice, the NSA, and the FBI, alongside German intelligence agencies.
VirusTotal, the Google-owned online service used to analyze questionable files and URLs to detect malicious material or malware, has experienced a data leak, exposing the data of 5,600 of its users, including some very high-profile people.
Der Speigel, a German publication, had confirmation from Google that the leaked data includes names and email addresses of employees from various backgrounds, including those from US and German intelligence agencies; official bodies of the Netherlands, Taiwan, and Great Britain; and large, well-known German companies, such as BMW and Mercedes Benz, among others.
VirusTotal is used in a manner where files that are uploaded by users into the interface can contain sensitive data, putting organizations and their data at risk. Though passwords remain concealed, the usernames and email addresses that were leaked in this data breach are enough for threat actors to be able to spear-phish anyone who was affected by the breach.
"We are aware of the unintentional distribution of a small segment of customer group administrator emails and organization names by one of our employees on the VirusTotal platform," a Google Cloud spokesperson told The Hacker News when asked for comments on the data leak. "We removed the list from the platform within an hour of its posting and we are looking at our internal processes and technical controls to improve our operations in the future."
About the Author(s)
You May Also Like
Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024Preventing Attackers From Wandering Through Your Enterprise Infrastructure
June 19, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024