Google offers an antivirus analysis service called VirusTotal. After mistakenly disclosing information from several clients recently, he had to apologize.
There has thus been a very significant data leak involving this online virus scanning platform that affects 5,600 premium account subscribers. Quite frustrating for a business that seeks to safeguard its consumers from outside threats. The FBI, NSA, and US Department of Justice are among the clients in this batch. Therefore, it is possible that extremely sensitive data were recovered.
A human error at the origin of this leak
Data breaches affect many businesses nowadays. Emiliano Martines, Product Manager at VirusTotal, claimed that this breach is not the result of an internal weakness or cyberattack. Users can trust the service as a result, which is somewhat reassuring. It appears that one employee made a mistake that caused the disaster.
On June 29, the latter reportedly unintentionally downloaded a CSV (Comma-Separated Value) file from the platform that contained the personal information of platform premium users. It had both the clients’ names and addresses for their places of business. There is reason to be concerned, particularly with material pertaining to governmental organizations.
The data exposed and the measures are taken by VirusTotal
The 313 KB leaky file contains highly confidential information. Governmental bodies outside of America are also impacted. Other government entities, including those in the United Kingdom, Germany, and Taiwan, were listed as clients that were impacted. The package also included data from a few staff members of renowned private businesses. Additionally engaged are Mercedes-Benz, BMW, Allianz, Deutsche Telekom, Deutsche Bahn, and Bundesbank.
Within an hour, VirusTotal had deleted the file that had been exposed on the platform. Additionally, the business expressed regret to the clients impacted by the disclosure. It has put in place new internal policies and technology measures to better safeguard its clients going forward.
Sources: BleepingComputer, Security Week