VirusTotal Data Leak Exposes Critical Customer Details - Are You at Risk?

Mohit K
July 28, 2023
|
2
mins read

VirusTotal Data Leak Exposes 5k+ Registered Customers' Details

Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform.

The security incident, which comprises a database of 5,600 names in a 313KB file, was disclosed. Google confirmed the leak and said, it took immediate steps to remove the data - "We are aware of the unintentional distribution of a small segment of customer group administrator emails and organization names by one of our employees on the VirusTotal platform and we removed the list from the platform within an hour of its posting.”

Impact

This breach included data from accounts linked to official U.S. bodies such as the Cyber Command, Department of Justice, Federal Bureau of Investigation (FBI), and the National Security Agency (NSA). Other accounts belong to government agencies in Germany, the Netherlands, Taiwan, and the U.K.

Threat Vector

  • Insufficient Protection against Insider Threats
  • Improper Cloud Access Security Broker Data (CASB) Validation

Security Recommendations

  • Educate employees and improve awareness
  • Add trending attack scenarios and prevention technique tutorials and shorts to the awareness training
  • Validate the CASB rules and monitor the suspicious attachments
  • Make sure the suspicious attachments are reviewed by the security experts and approved/declined
  • Monitor the dark web and public data leakage
  • Strengthen corporate data security and acceptable use policy

How Telivy Can Help Your Organization

Dark Web Monitor ✅

External Network Vulnerability Scan ✅

Sensitive Data Identification ✅

Credential Leakage Detection ✅

Phishing Simulation & Training✅

Identity and Access Management ✅

External Surface Exposure ✅

And Much More ✅

If you are interested in a demo of how our services can help you manage this concern and many more, please email support@telivy.com and we will reach out to schedule some time with you!

Reference

The Hacker News. “VirusTotal Data Leak Exposes Some Registered Customers’ Details.” The Hacker News, thehackernews.com/2023/07/virustotal-data-leak-exposes-some.html.

Image by benzoix on Freepik

Automate cyber security assessments. Access to all security details on one dashboard.
Create AccountSchedule Demo
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

More from Telivy's Blog

What is a Cybersecurity Risk Assessment?

Risk assessment in cybersecurity involves identifying, analyzing, and evaluating potential risks and vulnerabilities related to an organization's digital assets, information systems, and technological infrastructure. It aims to assess the potential impact of cyber threats and attacks, as well as the likelihood of those threats occurring.

Malware | How to Protect Your System

Malware, short for malicious software, is a term used to describe any software designed to harm, exploit, or gain unauthorized access to computer systems, networks, or data. It is created with malicious intent and aims to compromise the confidentiality, integrity, and availability of the targeted systems or data.

What is Data Security? | Definition, Importance, Risks, and Solutions

Find out how to protect your digital information and assets with data security and privacy solutions! Learn the core elements, importance, consequences of inadequate security, and common techniques.

Made in San Francisco ❤️
Ⓒ 2024 Telivy. All rights reserved