VirusTotal data leak destroys privacy of US and German intelligence officers
A mistake by a Google employee endangered thousands of intelligence officers.
At the end of June, a 313 KB file containing data on 5,600 of the platform's customers appeared on VirusTotal. Among them were employees of the US NSA, German intelligence services and large German companies. German media reported on the leak.
VirusTotal is an online service designed to analyze files and URLs to detect malware. The service uses many antivirus engines and other tools to scan the submitted objects. When a user uploads a file or enters a URL on the VirusTotal website, the service automatically checks it for viruses, trojans, spyware, and other types of malicious code. In this way, VirusTotal builds a global archive of digital attack tools, a kind of library of malicious code.
However, this service carries certain risks. One of them is that the files uploaded to the platform become available to everyone who has a special account. This means that sensitive data can fall into the hands of attackers who can use the files for spying, phishing, or social engineering.
The leak includes employees not only of intelligence services, but also of many other organizations and companies involved in information security. Among them are the German police, the Federal Criminal Office (BKA), the Military Counterintelligence Service (MAD) and the Federal Intelligence Service (BND). The leak also contains data on employees of the large German corporations Deutsche Bahn, Bundesbank, Allianz, BMW, Mercedes-Benz and Deutsche Telekom.
The leak contains only names and email addresses; passwords and other data are not affected. However, this information may be sufficient to carry out targeted attacks using social engineering or phishing.
The leak also calls into question the reliability and security of the VirusTotal platform itself, which belongs to Google. It is rare for internal data from Google systems to become public through a leak.
After discovering the leak, VirusTotal quickly removed the file from its website. A Google Cloud spokesperson said the leak was due to a mistake by a VirusTotal employee who “accidentally made a small portion” of customer data publicly available. He also added that the company is working to improve internal processes and technical controls to prevent similar incidents in the future.
VirusTotal remains a useful and popular service for combating cyber attacks, but its users should be careful and aware of the risks associated with uploading sensitive data to the platform. Otherwise, users may become victims of the very attackers they are trying to defend against.