Data of intelligence service employees exposed in data breach at VirusTotal

Due to a data breach at VirusTotal, the data of 5,600 customers has become public. Among them are an unknown number of employees of American and German intelligence services. The list of names was taken offline within an hour.

This is reported by the German daily newspaper Der Spiegel.

Despite the warnings, things still go wrong

VirusTotal is a security platform where cybersecurity experts can upload and analyze suspicious files and URLs. The company scans these files and websites with antivirus software from seventy AV manufacturers. This way, you can see at a glance whether a file contains malware or whether nothing is wrong with it.

One thing to keep in mind is that uploaded files are public. As a result, confidential information can end up online, and state actors can use this data for espionage purposes. The Bundesamt für Sicherheit in der Informationstechnik (BSI), the German counterpart of the National Cyber Security Center (NCSC), warned against this last year.

Despite this warning, things recently went wrong. A file of 313 kilobytes appeared online for a short time. It exposed the names and contact details of a total of 5,600 customers.

Many international bodies have been affected by the data breach

Although this is a relatively small data breach, its impact is significant. The file contained the names and e-mail addresses of people who work for government agencies or intelligence services. For example, twenty accounts could be traced back to the US Cyber Command. The US Department of Justice, the FBI and NSA could also be traced.

Der Spiegel states that employees of Dutch, British and Taiwanese authorities were also mentioned in the file. Many German parties are also mentioned, including the Bundespolizei, Bundeskriminalamt (BKA), Militärischer Abschirmdienst (MAD), BSI, BMW, Mercedes-Benz and Deutsche Telekom. The BSI confirmed the authenticity of the list to the German daily.

The data leak was caused by human error.

The data leak is limited to names and e-mail addresses: passwords or other sensitive data have not been exposed. The information published online, however limited, does say something about who uses VirusTotal’s services. Cybercriminals can misuse this data for phishing and social engineering. Finally, hackers use the platform to see if antivirus companies have detected their ransomware or spyware.

A spokeswoman for Google – the tech company that has owned VirusTotal since 2012 – says that an employee of the company had inadvertently disclosed “a small part of customer data”. The list was taken offline within an hour. The spokeswoman says that VirusTotal will improve internal processes and technical controls to prevent a recurrence in the future.
