VirusTotal Data Leak Exposes Registered Customers’ Details

In a recent security incident, sensitive personal information of security professionals and government employees associated with the malware scanning platform VirusTotal has been exposed due to a data breach. The breach, originating from a negligent action by an employee, has raised concerns about potential targeted attacks on individuals involved in critical security operations. 

The Data Leak and its Scope:

The data leak, first reported by the Austrian newspaper Der Standard and the German outlet Der Spiegel, involves a 313-kilobyte file containing personal information of VirusTotal account holders. The leaked information primarily includes names and email addresses, which is enough to identify security personnel involved in malware research. The leak encompasses accounts from various organizations, including the US Cyber Command, the German secret service, Dutch and Taiwanese government agencies, and notable corporations such as BMW, Daimler, Allianz, and Deutsche Telekom.

VirusTotal’s Significance and Vulnerability:

VirusTotal, launched in 2004 by the Spanish security company Hispasec Sistemas, has become an indispensable tool for security researchers worldwide. The platform aggregates antivirus products and online scan engines, enabling researchers to detect malware and malicious content missed by individual antivirus programs. Because it is so widely used, the leaked data puts numerous malware analysts at risk of targeted attacks. Analysts from VX-Underground have emphasized the gravity of the situation, suggesting that personally identifiable information (PII) of “every malware analyst on the planet” may have been compromised.

Google’s Response and Immediate Actions:

Google, which acquired VirusTotal in 2012 and subsequently made it a subsidiary of Chronicle, its Google Cloud unit, has confirmed the data leak. The company promptly removed the leaked list from the platform within an hour of its discovery. In response to the incident, a Google Cloud spokesperson acknowledged the unintentional distribution of customer information and expressed the company’s commitment to improving internal processes and technical controls to prevent similar occurrences in the future.

Impacted Organizations and Government Bodies:

The leaked database includes a subset of VirusTotal’s registered customers, comprising accounts linked to several official U.S. bodies such as the Cyber Command, Department of Justice, Federal Bureau of Investigation (FBI), and the National Security Agency (NSA). Additionally, government agencies from Germany, the Netherlands, Taiwan, and the United Kingdom are affected. The leak also encompasses employees from well-known German corporations, including Deutsche Bahn, Allianz, BMW, Mercedes-Benz, and Deutsche Telekom.

Advisory from German Federal Office for Information Security (BSI):

Der Spiegel’s report highlights that confidential information from the German Federal Office for Information Security (BSI) was also uploaded to the VirusTotal database. In light of the breach, the BSI has acknowledged the leak and cautioned federal authorities against uploading files to the platform. This incident underscores the need for heightened vigilance and adherence to secure practices when handling sensitive information.

Conclusion:

The data leak from VirusTotal has exposed the personal information of cybersecurity experts, intelligence agencies, and government employees worldwide. With the leaked data identifying individuals involved in malware research and security operations, targeted attacks tailored to exploit this information pose a significant risk. As the parent company, Google swiftly responded by removing the leaked list and pledging to enhance internal processes and technical controls.
