Connect with us

Hi, what are you looking for?


Data Breaches

VirusTotal Provides Clarifications on Data Leak Affecting Premium Accounts

VirusTotal has provided clarifications on the recent data leak that resulted in the exposure of information on 5,600 of the threat analysis service’s customers.

VirusTotal on Friday provided clarifications on the recent data leak that resulted in the exposure of information on 5,600 of the threat analysis service’s customers.

News broke earlier this week that VirusTotal had exposed a file containing information on 5,600 registered customers, including names and email addresses. 

Some of the records were associated with government organizations around the world, including the United States’ Justice Department, FBI, NSA and Cyber Command. The main concern was that the leaked information could be leveraged by threat actors in social engineering attacks aimed at impacted users.

In a blog post published on Friday, VirusTotal apologized to customers and shared some clarifications on the incident.

According to the Google-owned service, an employee accidentally uploaded a CVS file containing information on Premium account customers on June 29. The file contained information such as organization name, associated VirusTotal group name, and group administrator email addresses.

“First and foremost, we want to clarify unequivocally: This was not the result of a cyber-attack or a vulnerability with VirusTotal. This was a human error, and there were no bad actors involved,” explained Emiliano Martinez, head of product management at VirusTotal. 

“Since this incident, we have implemented new internal processes and technical controls to improve the security and safeguarding of customer data,” Martinez added.

The VirusTotal representative clarified that the exposed list was only accessible to partners and corporate clients — only they have access to the Premium platform where the file was uploaded — and it couldn’t have been seen by malicious actors, nor by free account holders of anonymous users. 

Advertisement. Scroll to continue reading.

The file was removed within an hour. It was quickly noticed by VirusTotal customers who received alerts because they use Yara rules that search for files containing their own domains. 

The company also noted that the employee who mistakenly uploaded the data to the platform was in possession of the information because it is critical to their role. 

Related: API Flaw in QuickBlox Framework Exposed PII of Millions of Users

Related: Acronis Clarifies Hack Impact Following Data Leak

Related: Twitter Finds No Evidence of Vulnerability Exploitation in Recent Data Leaks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.