VirusTotal, a popular malware detection service owned by Google, leaked the names and email addresses of 5,600 users, including employees of the US Department of Justice, NSA, FBI, and others, Der Standard reports.
The leak, reportedly verified by the Austrian newspaper Der Standard and German outlet Der Spiegel, takes up only 313 kilobytes yet reveals those responsible for malware research in intelligence and law enforcement agencies.
We reached out to VirusTotal for separate confirmation but did not receive a reply before publishing.
The list supposedly includes twenty accounts from the US Cyber Command, German secret service, Dutch, Taiwanese, British, Austrian government employees, and others. Der Standard reports that details of employees from several German corporations, such as BMW, Daimler, Allianz, and Deutsche Telekom, are also included.
The leak only revealed VirusTotal account holders’ names and email addresses. While account passwords were not exposed, the leak identifies IT Security personnel in organizations dealing with sensitive material. The exposure could lead to attacks that are tailor-made to target specific individuals.
VirusTotal is an essential tool for security researchers as the service aggregates antivirus products and online scan engines, allowing them to check for viruses that antivirus programs may have missed.
Service’s use is so ubiquitous that VX-underground analysts reacted to the leak saying attackers got personal identifiable information (PII) “on every malware analyst on the planet.”
VirusTotal was launched in 2004 by Spanish security company Hispasec Sistemas. In 2012, the company was acquired by Google, which gave the ownership to its subsidiary Chronicle in 2018.
Your email address will not be published. Required fields are markedmarked