VirusTotal Suffers a Security Incident, Data Belonging to Registered Users Leaked

Posted on July 16, 2023 at 6:03 AM

Data leaks are commonly connected to hacking attacks, where an unknown attacker breaches the website’s security, loots its database, and then dumps it publicly or sells it to third parties. However, while VirusTotal suffered a data leak recently, this incident was somewhat different than a typical case.

Certain data associated with a subset of VirusTotal’s registered users recently got exposed after one of the company’s employees inadvertently uploaded it to the malware scanning platform. The data in question includes names and email addresses of the company’s registered users.

The incident involves data belonging to approximately 5,600 users, which was exposed in a 313KB file. The incident was first brought to the attention of the public this Monday, July 17th, by Der Spiegel and Der Standard.

What is VirusTotal?

VirusTotal is a popular service that is commonly used for analyzing suspicious files and URLs. It was launched in 2004 with the intention to allow its users to easily detect malware and malicious content in general. It uses antivirus engines and website scanners to identify threats.

While it has been around for nearly 20 years, it was acquired by Google in 2012. After that, it became a subsidiary of Google Cloud’s Chronicle unit in 2018. Google confirmed the leak when it was asked for information about the incident, stating that it had immediately taken steps to remove the data.

Google Cloud’s spokesperson said that the company is aware of the unintentional distribution of a small segment of customer group administrator emails and organization names by one of its employees on the VirusTotal platform. “We removed the list from the platform within an hour of its posting and we are looking at our internal processes and technical controls to improve our operations in the future,” the company added.

Some of the leaked accounts belonged to government agencies

While Google reacted swiftly, the data was already seen by a number of internet users. As a result, it is known that it includes accounts linked to official US bodies, including the Department of Justice, Cyber Command, and even the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA).

Apart from these, there were also accounts belonging to government agencies of foreign countries. Specifically, accounts linked to the agencies of Germany, the UK, the Netherlands, and also Taiwan were among the dumped details.

Interestingly enough, Germany’s Federal Office for Information Security (BSI) predicted the incident back in 2022. At the time, it warned against automating the uploading of suspicious email attachments to VirusTotal. It said that doing this could result in the exposure of sensitive information.

Of course, names and emails are not as sensitive as phone numbers, card numbers, passwords, and the like. However, they could still be used by bad actors for launching phishing and spear-phishing campaigns, especially since the targets may include the names and emails of government employees.

Journalists have even been able to confirm that some of the affected individuals can also be found on LinkedIn. Among the affected organizations are multiple official bodies from Germany, including its Federal Police, the Federal Criminal Police Office, the Military Counterintelligence Service, and the Federal Office for Telecommunications Statistics. Not to mention some of the major German firms, such as Deutsche Telekom, BMW, Mercedes-Benz, Deutsche Bahn, Allianz, and Bundesbank.

The risks of using VirusTotal

While VirusTotal is available to users for free if they wish to check a specific URL or file, the platform also offers a premium version which is available to public sector organizations and companies. The premium version allows users to gain more insight into the uploaded file samples.

Furthermore, the uploaded files are shared with security firms, researchers, and other professionals in the security sector. Some of these files may even contain sensitive data, as was proven by SafeBreach researchers, who collected over 1 million credentials stored in files that info-stealers and keyloggers use. All of them have been uploaded to VirusTotal as part of the scanning efforts.

In fact, this is a part of the reason why Germany’s BSI had security concerns regarding VirusTotal in the past.
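
A pre-upload gate that addresses the risk the BSI described, as an added example that is not from the article, the BSI, or VirusTotal: it hashes a file locally and blocks automated submission when the content looks like a contact list or a credential dump, so that only the SHA-256 is looked up. The function name `triage`, the patterns, the threshold and the sample inputs are assumptions constructed for illustration.

```python
import hashlib
import re

# Patterns are illustrative assumptions, not an exhaustive DLP rule set.
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SECRET_RE = re.compile(
    rb"(?im)^\s*(?:password|passwd|pwd|secret|api[_-]?key|token)\s*[:=]\s*\S+"
)
MAX_EMAILS = 5  # assumed threshold: more distinct addresses suggests a list


def triage(data: bytes) -> dict:
    """Decide whether a file may be submitted or only looked up by hash."""
    sha256 = hashlib.sha256(data).hexdigest()
    emails = {m.lower() for m in EMAIL_RE.findall(data)}
    secrets = SECRET_RE.findall(data)

    reasons = []
    if len(emails) > MAX_EMAILS:
        reasons.append(f"{len(emails)} distinct email addresses")
    if secrets:
        reasons.append(f"{len(secrets)} credential-like lines")

    # A hash lookup reveals nothing about the content; an upload shares
    # the whole file with everyone who has access to submitted samples.
    action = "hash_lookup_only" if reasons else "upload_allowed"
    return {"sha256": sha256, "action": action, "reasons": reasons,
            "email_count": len(emails), "secret_count": len(secrets)}


# Constructed sample inputs (not real data).
USER_LIST = b"\n".join(
    b"User %d,user%d@agency.example" % (i, i) for i in range(8)
)
STEALER_LOG = (
    b"url: https://portal.example/login\n"
    b"username: alice\n"
    b"password: constructed-value\n"
)
BENIGN_STUB = b"MZ\x90\x00" + b"\x00" * 64 + b"This program cannot be run in DOS mode."

if __name__ == "__main__":
    for name, blob in [("user_list.csv", USER_LIST),
                       ("stealer.log", STEALER_LOG),
                       ("sample.exe", BENIGN_STUB)]:
        result = triage(blob)
        print(name, result["action"], result["reasons"], result["sha256"][:16])
```

Files marked `hash_lookup_only` go to a human reviewer before any submission; pattern matching of this kind misses sensitive content in archives, documents and encoded attachments, so it narrows the risk rather than removing it.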

Publisher Name
Koddos