The user database from Google’s Virustotal service has been leaked on the internet, revealing the names, email addresses, and organizations of around 5,600 service users. Among these users are employees of the US NSA and German intelligence services. The authenticity of the data has been confirmed, with some names matching those found on LinkedIn. The leak exposes employees from various official institutions around the world, including the US Cyber Command, FBI, and UK intelligence agencies. German institutions and companies are also represented in the leaked data. Virustotal is a useful service for IT security experts, but the data leak could make spear phishing attacks easier. Virustotal also shares uploaded information with users and antivirus companies, which may include confidential data. In March 2020, the BSI issued a security warning about the potential risk of sharing confidential information on Virustotal. Google has acknowledged the leak and is working on improving its internal processes to prevent future incidents. Users of Virustotal should be cautious of any attempts at contact that may be phishing attempts. In April 2020, a vulnerability in an outdated library used by Virustotal allowed researchers to inject their own code into the platform, but Google’s systems were unaffected.
