
Over 5,600 names and emails compromised in VirusTotal data leak


In a significant breach of privacy, a small 313-kilobyte file containing a list of 5,600 names of employees of the US National Security Agency (NSA) and German intelligence services, among others, surfaced on the internet.

These individuals had all registered accounts with VirusTotal, a Google-owned IT security platform, as reported by Der Spiegel.

VirusTotal is highly regarded among IT security experts as one of the world’s most critical services in combating cyber attacks. It functions as a vast malware repository where users can submit suspicious files or links for analysis. These submissions are checked against the databases of 70 antivirus software manufacturers to identify potential threats, creating a global archive of digital attack tools, essentially a “badcode library.”

Twenty accounts on the list were linked to the US Cyber Command, the hub for offensive and defensive hacking operations of the American military. The US Department of Justice, the FBI, and the NSA Secret Service were also identified as VirusTotal users. Other government entities from the Netherlands, Taiwan, and Great Britain were found among the platform’s customers.

The list also included employees from several big German corporations like Allianz, BMW, Mercedes-Benz, and Deutsche Telekom.

VirusTotal was acquired by Google in 2012

Fortunately, apart from the names and email addresses, no other data, such as passwords, was exposed.

The Federal Office for Information Security (BSI), which has cautioned companies against uploading files to VirusTotal, has confirmed the leak and assumes that the data is authentic. The BSI has now strongly advised the federal authorities not to upload files to VirusTotal.

In response to the leak, a Google Cloud spokeswoman acknowledged that a VirusTotal employee had inadvertently made a portion of customer data available on the platform, but the list was quickly removed within an hour of uploading.


Kumar Hemant


Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
