Friday, February 14, 2025
HomeCyber Security NewsSensitive Information of VirusTotal Users Exposed in Data Leak

Sensitive Information of VirusTotal Users Exposed in Data Leak

Published on

SIEM as a Service

Follow Us on Google News

Globally, security analysts and IT professionals heavily rely on Virustotal, a vast malware database, to scan files for viruses and malware. Even it also enables users to upload suspicious files or links to assess potential threats effectively.

VirusTotal, crucial in the battle against cyberattacks, is utilized by 70 antivirus manufacturers to compare submissions for suspicious code.

VirusTotal’s data breach exposed a subset of registered customers’ names and email addresses when an employee accidentally uploaded the data to the scanning portal of the platform.

Der Spiegel and Der Standard disclosed recently that in June, a small 313KB file unintentionally goes public, containing 5,600 names, including NSA and German secret service employees registered on VirusTotal.

Data Leak

VirusTotal, established in 2004, analyzes suspicious files and URLs for malware using antivirus engines and website scanners. However, Google acquired it in 2012, and in 2018, it became a Google Cloud Chronicle subsidiary.

Google confirmed the leak and acted quickly to remove the data, acknowledging an employee’s accidental distribution of customer group admin emails and organization names on VirusTotal.

Within an hour, Google removed the list and is now examining internal processes and technical controls for future improvements.

The data reveals government employees’ names, some present on LinkedIn, including reluctant ones, which adds importance, given their confidential nature and information access.

The leak impacts Austria’s Federal Ministry of Defense and Interior, including three BSI employees. It also affects German corporations like Deutsche Bahn, Bundesbank, and Dax giants such as:-

  • Allianz
  • BMW
  • Daimler
  • Deutsche Telekom

Abusive opportunities

Names and email addresses leaked, but passwords seem unaffected. However, the breach discloses IT security personnel in companies, services, and organizations, creating potential for social engineering and targeted phishing attacks.

The VDMA (The German Association of Mechanical Engineers) accidentally shared a portal link and password via email, visible to all Virustotal users, allowing hackers to access the portal and check for detected and undetected attacks. While the association claims they were unaware of the exposure.

Hackers employ Virustotal to evade antivirus detection for their spy software. While their basic version is free, but, paid options also exist, which enable storing files on their servers. 

Experts suspect secret services use it too, testing attack codes against 70 antivirus manufacturers and tracking hackers who upload their tools.

BSI employee impact is seen as “uncritical,” but for others, risk assessment remains uncertain. Besides this, there is a strong recommendation from BSI to not upload any files to the VirusTotal scanning portal.

Stay up-to-date with the latest Cyber Security News; follow us on GoogleNews, Linkedin, Twitter, and Facebook.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...

North Korean IT Workers Penetrate Global Firms to Install System Backdoors

In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...