A serious blunder at VirusTotal. As revealed by the German and Austrian outlets Der Spiegel and Der Standard, this online service for analyzing malicious files, which belongs to Google Cloud, briefly and mistakenly exposed on June 29 a list of 5,600 customers that was not intended to be public.
According to Google Cloud, questioned by journalists, a VirusTotal employee unintentionally uploaded this CSV file, which contained “limited information” about Premium customers: the name of their organization, their VirusTotal groups and the email addresses of administrators. The document, accessible only to partners and corporate clients, was deleted from the platform “within an hour of being posted online,” says the subsidiary of the Mountain View firm, which apologized Friday in a statement.
The leak may seem minor and of very limited impact. But computer security researchers may seek to remain discreet in order to work as undisturbed as possible. The profile of the people listed in this file, evidently computer security experts from the US NSA and Cyber Command as well as German intelligence services, also gives the leak a certain significance.
According to Der Spiegel, the FBI (the US federal police) and Dutch and English official organizations are also affected by the leak. The Record is more precise on this point: they are reportedly CERT-UK personnel, an entity attached to GCHQ. The latter outlet also reports the presence of French email addresses in the list, as well as emails from about fifteen countries, although it is not known precisely which French organizations were affected.
“Since this incident, we have implemented new internal processes and technical controls to improve the security and backup of customer data,” says VirusTotal. The company is well aware that this kind of incident seriously damages trust.