Security company exposed information of thousands of customers
Alphabet's well-known security company VirusTotal exposed thousands of data, including many government agencies, because an employee "downloaded the wrong file".
In an apology issued last week, VirusTotal admitted to leaking information of more than 5,600 customers. The incident occurred at the end of June, when an employee mistakenly uploaded a CSV file containing this information to the platform.
"The CSV file contains limited information about our Premium account customers, including the company name, the associated VirusTotal group name and the email address of the group administrator," said Emiliano Martines, head of product management at VirusTotal. He asserted that the leak was caused by human error, not a cyber attack or security hole.
VirusTotal is a security company under Alphabet. Photo: CyberNews
According to the company representative, the file when uploaded to the platform is also not publicly accessible to all, but can only be viewed by partner accounts and registered businesses. The file was deleted about an hour after it was discovered.
However, before it was deleted, many parties were able to download and distribute it. According to Bleeping Computer , the file is 313 KB in size and contains information related to the accounts of many government agencies, such as the Cyber Command, the Department of Justice, the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) of the United States, as well as a number of German, Dutch, and British government agencies. In addition, information about dozens of employees of major brands such as Allianz, BMW, Mercedes-Benz is also among the leaked information.
VirusTotal is a security company owned by Alphabet, specializing in the analysis of web addresses and files to detect the risk of malicious code.
According to experts, the leaked information is not much, but it is enough for the attacker to get the contact information of the people in charge of information security of the organizations, thereby carrying out an attack and phishing campaign.
"We have implemented new internal processes and technical controls to improve the security and protection of our customers' data," said Martines.
- Data Center Network Security | Next Generation Firewall
- Help Protect Your Digital Assets Against Cyber Threats Network Security
- Network Security Software | Search Learn more Security NET
- Spam filter, Antivirus software, Proxy server | Network access control (NAC)
- Review and analysis Managed Application Support Services for AWS