The latest news revealed a popular Google platform to scan malicious documents from Virustotal exposed to data breaches of its registered customers.
At the end of June, a file comprising the data of 5,600 names in a 313KB file, including employees of the US secret service NSA and German secret services, went public.
Virustotal is one of the most popular services IT security professionals use to analyze suspicious files to detect malicious activity.
VirusTotal analyzes suspicious files and URLs to detect types of malware and malicious content using antivirus engines and website scanners.
It provides an API allowing users to access the information VirusTotal generates.
After investigation, it was found that a Virustotal employee had “unintentionally made a small part” of customer data available on Virustotal.”
“We removed the list from the platform within an hour of uploading it.” We are working on improving internal processes and technical controls to prevent this in the future.” said the spokesperson of Google cloud.
The leaked information consists of email addresses and organizations of the employees, which leads to opportunities for abuse; fortunately, passwords were not impacted.
The German news magazine “Der Spiegel” and the British newspaper “The Standard” were able to confirm that the list is real. There are names of people who work for the government, and some of them can also be found on Linkedin.
The Federal Office for Information Security (BSI) warned companies and organizations about automatically uploading suspicious files on the platform last year.
Sometimes, private company information would be “de facto made public” by accident.
Since it offers free services to customers, there is also a paid version available for the users to download files that are stored on Virustotal.
Attackers utilize this platform to check whether their malicious files are detected by this platform.
This shows how vulnerable Virustotal is to be exploited by attackers and help others utilize the platform for future attacks.