The web service virustotal.com (founded by the Spanish company Hispasec Sistemas, taken over by Google), which has been operated by Google since 2012, is popular among security researchers and companies for checking suspicious files for malware.
However, there are warnings about how critical automated documents uploaded to Virustotal are with regard to data protection and data leaks, because the data can be viewed by third parties.
And even registering with virustotal.com is not a good idea, as a data leak shows.
The Austrian media STANDARD has received a list of registered customers of virustotal.com, which disclose names of employees including e-mail addresses. Some of those affected, from secret services or companies, would rather not see their data in public.
The Austrian STANDARD has received a file of only 313 kilobytes that would have been better never to become public. At the end of July 2023, this file probably reached the Internet via a data leak. The file is explosive: It contains a list of 5,600 names of customers of the virustotal.com platform who were registered there. This includes employees of the US intelligence agency NSA and German intelligence agencies.
How the file exactly became public (e.g. as an upload to Virustotal) is not revealed. However, based on the characteristics of the data, the file must have originated from the inner environment of virustotal.com.
The STANDARD, which has the file with the list,
writes that in each case it contains the name of the organization and the e-mail address of the employees who registered the account on virustotal.com.
According to the STANDARD, it has checked the data together with German news magazine
Der Spiegel, and the data is probably genuine. The incident shows how critical online activities are when data gets into the hands of unauthorized third parties via a leak. In the above case, there is a risk that the captured data will be misused for cyber attacks by means of social engineering.
![[correlate]](/data/avatars/m/79/79653.jpg?1556985072){kind=avatar}
