ShiftDelete.Net Global

Unintended Exposure: VirusTotal leaks sensitive data!

Ana sayfa / CyberSecurity

In a shocking development, the well-known cyber threat intelligence service, VirusTotal, unintentionally exposed information of some of its registered users. According to German media outlets, the leakage was rather alarming as it included data connected to members of several intelligence agencies.

A small file makes a big impact

Late June saw a relatively tiny file, a mere 313 kilobytes, causing a significant impact. This file, which went public accidentally, contained a list of 5,600 names, which were all users of the security platform owned by Google. A startling revelation was that the list included members of prominent intelligence agencies such as the US Cyber Command, NSA, and their German counterparts.

The uncovered data provides an insight into the individuals handling IT security and malware issues within the affected organizations. This sensitive information could be exploited by malicious actors to orchestrate targeted spear-phishing attacks. The disclosed data majorly comprised of customers’ names and email addresses. This unfortunate incident occurred due to an employee’s accidental upload of the said data onto VirusTotal.

A swift response from Google

Google, on being notified about the data leak, acted promptly and ensured the data was removed immediately. A representative for Google Cloud admitted to the unintentional exposure of a small portion of customer data.

“We removed the list from the platform within an hour of uploading it. We are working on improving internal processes and technical controls to prevent this in the future,” stated a report from Der Spiegel.

The double-edged sword of digitization

While digital platforms like VirusTotal have revolutionized cybersecurity, they can also be the victims of the same threats they aim to neutralize. This incident serves as a stark reminder of the risks associated with digitization and the urgent need for stringent security measures.

We’d love to know your thoughts on this matter. How do you think such breaches can be better avoided? Please share your insights in the comment section below!

Yorum Ekleyin