VirusTotal: We're sorry someone fat-fingered and exposed 5,600 users


VirusTotal today issued a mea culpa, saying a blunder earlier this week by one of its staff exposed information belonging to 5,600 customers, including the email addresses of US Cyber Command, FBI, and NSA employees.

The unintentional leak was due to the layer-eight problem: human error. On June 29, an employee accidentally uploaded a .csv file of customer info to VirusTotal itself, said Emiliano Martinez, tech lead of the Google-owned malware analysis site.

"This CSV file contained limited information of our Premium account customers, specifically the names of companies, the associated VirusTotal group names, and the email addresses of group administrators," Martinez wrote in a Friday disclosure.

"We removed the file, which was only accessible to partners and corporate clients, from our platform within one hour of its posting."

The employee had this database in the first place because the customer information was "critical to their role," we're told.

For those who don't know: VirusTotal allows netizens to – among other things – upload files, or submit a URL to one, and the site runs the material through various malware-scanning engines to see if anything malicious is detected or identified. Premium subscribers can also download uploaded samples, and that's how the uploaded .csv file of customer info was accidentally leaked.

Martinez said the snafu was "unequivocally" not the result of a data breach or vulnerability: "There were no bad actors involved." After the accidental upload, VirusTotal is reexamining its processes and control processes, he said.

"Again we apologize for any confusion or concern this may have caused," Martinez concluded.

Der Spiegel first reported the leak on Monday, saying the 313KB file contained users' names and email addresses belonging to organizations' employees who registered for a VirusTotal account.

This reportedly included more than 20 US Cyber Command email addresses, as well as those belonging to the US Justice Department, FBI and NSA. German, Dutch, British and Taiwanese agencies were also affected, including Germany's federal police and Military Counterintelligence Service, as well as major German corporations like BMW, Mercedes-Benz and Deutsche Telekom. ®