VirusTotal leaks user details, including intelligence agency employees
VirusTotal, a popular cybersecurity platform owned by Google, has inadvertently exposed a file containing sensitive information of approximately 5,600 registered users to the public.
The leaked file included the names and email addresses of users, many of whom were associated with prominent intelligence agencies like the U.S. National Security Agency (NSA) and various German intelligence agencies.
Notably and very embarrassingly, among the compromised accounts were:
- 20 linked to the U.S. Cyber Command,
- users from the U.S. Department of Justice (DoJ),
- users from the Federal Bureau of Investigation (FBI),
- users from the NSA,
- users from the Austrian Federal Ministry of Defense,
- users from the Austrian Interior Ministry,
- users from the German Federal Office for Information Security (BSI),
- users from the German Federal Criminal Police Office (BKA),
- users from the German Military Counter-Intelligence Service (MAD),
- users from the German Federal Office for Telecommunications Statistics (BFSt).

Additionally, the leaked list featured official bodies from other countries, including the Netherlands, Taiwan, and Great Britain.
Besides government and military personnel, employees from prominent German companies like Deutsche Bahn, Allianz, BMW, Daimler, and Deutsche Telekom were also included in the compromised list.
The authenticity of the leaked information has been confirmed by journalists in credible international media.
Google responded to the incident, stating that an employee of VirusTotal inadvertently made a portion of customer data accessible. In response, the company removed the list from the platform and has since been working to enhance internal processes and implement improved technical controls to prevent similar breaches from happening in the future.
Although VirusTotal plays a crucial role in detecting malware and sharing threat intelligence among cybersecurity professionals, this error raises questions about its internal security processes.
Update - VirusTotal apologized on Friday for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file containing their info to the platform last month.
The head of product management assured impacted customers that the incident was caused by human error and was not the result of a cyber-attack or any vulnerability with VirusTotal.
The leaked file was only accessible to VirusTotal partners and cybersecurity analysts with a Premium account on the platform.