I use Google owned VirusTotal to examine suspicious files as part of investigations that I do for my corporate and sometimes home clients. It’s a very useful tool for me and others. But I suspect that some are rethinking that after it found to have leaked the data of 5600 customers:
VirusTotal apologized on Friday for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file containing their info to the platform last month.
The data leak impacted only Premium account customers, with the uploaded file containing their names and corporate email addresses.
Emiliano Martines, the online malware scanning service’s head of product management, also assured impacted customers that the incident was caused by human error and was not the result of a cyber-attack or any vulnerability with VirusTotal.
Furthermore, the leaked file was only accessible to VirusTotal partners and cybersecurity analysts with a Premium account with the platform.
Those using anonymous or free accounts cannot access the Premium platform and, consequently, cannot reach the leaked file.”On June 29, an employee accidentally uploaded a CSV file to the VirusTotal platform. This CSV file contained limited information of our Premium account customers, specifically the names of companies, the associated VirusTotal group names, and the email addresses of group administrators,” Martines said on Friday.
“We removed the file, which was only accessible to partners and corporate clients, from our platform within one hour of its posting.”
Well, that’s one hell of a screw up. Especially because of this:
German news outlets Der Spiegel and Der Standard were the first to report the incident on Monday.As they reported, the 313KB leaked file contained details concerning accounts associated with official U.S. entities, including the Cyber Command, Department of Justice, Federal Bureau of Investigation (FBI), and the National Security Agency (NSA). Additionally, the file included accounts linked to government agencies in Germany, the Netherlands, Taiwan, and the United Kingdom.”It is a list of 5600 names, including employees of the US intelligence service NSA and German intelligence services,” Der Spiegel said.
That’s pretty bad. And this makes it worse:
Information on dozens of employees at Bundesbank, Deutsche Bahn, Allianz, BMW, Mercedes-Benz, and Deutsche Telekom was also found in the leaked file.
I suspect that there’s going to be a lot of explaining that VirusTotal will have to do over the next few days to reassure those customers.
Related
This entry was posted on July 23, 2023 at 8:42 am and is filed under Commentary with tags Privacy. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
VirusTotal Leaks Data…. A Lot Of It
I use Google owned VirusTotal to examine suspicious files as part of investigations that I do for my corporate and sometimes home clients. It’s a very useful tool for me and others. But I suspect that some are rethinking that after it found to have leaked the data of 5600 customers:
VirusTotal apologized on Friday for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file containing their info to the platform last month.
The data leak impacted only Premium account customers, with the uploaded file containing their names and corporate email addresses.
Emiliano Martines, the online malware scanning service’s head of product management, also assured impacted customers that the incident was caused by human error and was not the result of a cyber-attack or any vulnerability with VirusTotal.
Furthermore, the leaked file was only accessible to VirusTotal partners and cybersecurity analysts with a Premium account with the platform.
Those using anonymous or free accounts cannot access the Premium platform and, consequently, cannot reach the leaked file.”On June 29, an employee accidentally uploaded a CSV file to the VirusTotal platform. This CSV file contained limited information of our Premium account customers, specifically the names of companies, the associated VirusTotal group names, and the email addresses of group administrators,” Martines said on Friday.
“We removed the file, which was only accessible to partners and corporate clients, from our platform within one hour of its posting.”
Well, that’s one hell of a screw up. Especially because of this:
German news outlets Der Spiegel and Der Standard were the first to report the incident on Monday.As they reported, the 313KB leaked file contained details concerning accounts associated with official U.S. entities, including the Cyber Command, Department of Justice, Federal Bureau of Investigation (FBI), and the National Security Agency (NSA). Additionally, the file included accounts linked to government agencies in Germany, the Netherlands, Taiwan, and the United Kingdom.”It is a list of 5600 names, including employees of the US intelligence service NSA and German intelligence services,” Der Spiegel said.
That’s pretty bad. And this makes it worse:
Information on dozens of employees at Bundesbank, Deutsche Bahn, Allianz, BMW, Mercedes-Benz, and Deutsche Telekom was also found in the leaked file.
I suspect that there’s going to be a lot of explaining that VirusTotal will have to do over the next few days to reassure those customers.
Share this:
Like this:
Related
This entry was posted on July 23, 2023 at 8:42 am and is filed under Commentary with tags Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.