VirusTotal Data Leak Exposes Critical Customer Details - Are You at Risk?

Mohit K
July 28, 2023
|
2
mins read

VirusTotal Data Leak Exposes 5k+ Registered Customers' Details

Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform.

The security incident, which comprises a database of 5,600 names in a 313KB file, was disclosed. Google confirmed the leak and said, it took immediate steps to remove the data - "We are aware of the unintentional distribution of a small segment of customer group administrator emails and organization names by one of our employees on the VirusTotal platform and we removed the list from the platform within an hour of its posting.”

Impact

This breach included data from accounts linked to official U.S. bodies such as the Cyber Command, Department of Justice, Federal Bureau of Investigation (FBI), and the National Security Agency (NSA). Other accounts belong to government agencies in Germany, the Netherlands, Taiwan, and the U.K.

Threat Vector

  • Insufficient Protection against Insider Threats
  • Improper Cloud Access Security Broker Data (CASB) Validation

Security Recommendations

  • Educate employees and improve awareness
  • Add trending attack scenarios and prevention technique tutorials and shorts to the awareness training
  • Validate the CASB rules and monitor the suspicious attachments
  • Make sure the suspicious attachments are reviewed by the security experts and approved/declined
  • Monitor the dark web and public data leakage
  • Strengthen corporate data security and acceptable use policy

How Telivy Can Help Your Organization

Dark Web Monitor ✅

External Network Vulnerability Scan ✅

Sensitive Data Identification ✅

Credential Leakage Detection ✅

Phishing Simulation & Training✅

Identity and Access Management ✅

External Surface Exposure ✅

And Much More ✅

If you are interested in a demo of how our services can help you manage this concern and many more, please email support@telivy.com and we will reach out to schedule some time with you!

Reference

The Hacker News. “VirusTotal Data Leak Exposes Some Registered Customers’ Details.” The Hacker News, thehackernews.com/2023/07/virustotal-data-leak-exposes-some.html.

Image by benzoix on Freepik

Automate your cyber security audits and monitor your security posture.

More from Telivy's Blog