German media has reported that the data of 5600 clients of the Virustotal platform, including employees of US and German intelligence services and large German companies, has appeared on the network. The leaked file is 313 KB in size and contains confidential information.
Virustotal is an online service that analyzes files and URL addresses to detect the presence of malicious programs. It uses multiple antivirus engines and tools to scan the provided objects. When a user uploads a file or provides a URL to Virustotal, the service automatically checks it for viruses, trojans, spy programs, and other types of malicious code. This creates a global archive of harmful codes.
However, using this service comes with certain risks. One of them is that files uploaded to the platform become accessible to anyone with a special account. This means that confidential data can fall into the hands of attackers who may use it for espionage, phishing, or social engineering.
The leaked data includes not only information from intelligence services, but also from other organizations and companies involved in information security. This includes Germany’s police, the Federal Criminal Affairs Department (BKA), the military counterintelligence service (MAD), the Federal Intelligence Service (BND), and employees of major German corporations such as Deutsche Bahn, Bundesbank, Allianz, BMW, Mercedes-Benz, and Deutsche Telekom.
The leaked information consists of names and email addresses, but does not include passwords or other sensitive data. However, this information can still be used for targeted attacks through social engineering or phishing.
The leak raises doubts about the reliability and security of the Virustotal platform, which is owned by Google. It is rare for Google’s internal data to become public due to a leak.
Upon discovering the leak, Google quickly removed the file from the Virustotal site. A representative of Google Cloud stated that the leak occurred due to a mistake by one of the Virustotal employees, who “accidentally made a small part of” customer data accessible to all. The company is now working on improving internal processes and implementing technical controls to prevent such incidents in the future.
Despite the leak, Virustotal remains a valuable and popular service in combating cyber attacks. However, users should exercise caution and be aware of the risks associated with uploading confidential data to the platform, as they may become potential targets for those they are trying to defend against.