VirusTotal

Summary

An employee accidentally exposed data associated with 5,600 VirusTotal customers. VirusTotal, a subsidiary of Google Cloud's Chronicle unit, allows customers to publicly upload and inspect files to determine if malicious content is detected, and provides subscription and premium services that enable organizations to upload files privately. Researchers who discovered the leak noted that the exposed emails were grouped by their associated enterprise customer accounts, further revealing some individuals using email providers other than their corporate domains as part of their threat intelligence work, with personal accounts registered to Gmail, Hotmail, and Yahoo.

Exposed data included accounts linked to individuals affiliated with the US Cyber Command, the National Security Agency, the Pentagon, the FBI, and some US military service branches. At the time of this writing, researchers assess that the data leak is limited to names and email addresses and does not contain any privately uploaded files or other sensitive information, and, therefore, considered low risk; however, impacted customers may be targeted in phishing attempts.