The Virustotal platform has issued an apology and provided an update regarding a recent incident of accidental data exposure.
VirusTotal was established in 2004 as a complimentary service that examines files and URLs for viruses, worms, trojans, and other malevolent content.
It is one of the most popular services IT security professionals use to analyze suspicious files to detect malicious activity.
Virus Total recently launched an AI-powered code analysis feature dubbed “Code Insight.”
On June 29, the organization’s employee accidentally uploaded a CSV file to the Virus Total Platform; this file contain include limited information about premium account customers, especially the names of the company, the associated VirusTotal group names, and the email addresses of group administrators.
CSV File Contains User Data:
A Comma Separated Values (CSV) file is a plain text file containing a data list. These files are often used for exchanging data between different applications. For example, databases and contact managers often support CSV files.
After, they found and removed the file within one hour, which was only accessible to partners and corporate clients.
The organization clarified that it was not the result of a cyber-attack or vulnerability, and they specified it was a human error.
The file contains over 5600 customer names and email addresses that are registered. If accessed by threat actors, this could result in targeted phishing attacks.
An Example of a CSV File:
As a result of this incident, they implemented new internal processes and technical controls to improve the security and safeguarding of customer data.