VirusTotal Data Leak – Thousands of Credentials Exposed

The internet may have made our day-to-day life convenient, but it’s still not safe to surf it without proper precautions. There are numerous tools we use to scan questionable files and URLs for malicious material. However, sometimes, even those created to protect us can slip, which is exactly the case with VirusTotal.

The Google-owned online service needs no introduction, as it’s, without a doubt, one of the most popular online security tools out there. Unfortunately, a mistake by an employee exposed critical information of around 5,600 of its users.

VirusTotal is used by many, including individuals in departments where data is very critical. What does the data include? What parties are affected? We’ll shed more light on the matter in the following article.

VirusTotal – From Scanning to Exposing

In the world of cybersecurity, threat actors aren’t the only threat out there. Some cases show that individuals can pose a threat to themselves and the companies they work for by inadvertently clicking a link, sharing information, and even uploading content.

In fact, one of the most recent incidents clearly reflects this. Rockstar Games (GTA’s Parent Company) suffered a huge data breach as a result of a compromised Slack chat.

The hacker behind it managed to intercept Rockstar’s Slack channel where the videos were posted. As a result, they accessed footage from the long-awaited Grand Theft Auto 6 game.

Speaking of uploaded content, VirusTotal’s case is no different. This data leak saw the light after an employee inadvertently uploaded the data to the malware scanning platform.

When reached out to, Google confirmed the leak and stated that the breach includes a database of 5,600 names in a 313KB file:

“We are aware of the unintentional distribution of a small segment of customer group administrator emails and organization names by one of our employees on the VirusTotal platform.

We removed the list from the platform within an hour of its posting and we are looking at our internal processes and technical controls to improve our operations in the future.”

Let’s face it. Despite removing the file within an hour of it getting uploaded, it must have been downloaded by at least one user.

Unfortunately, that’s not the worst part. As we mentioned, VirusTotal is used by various organizations, and the data is very crucial.

According to German news magazine Der Spiegel, the exposed information includes names and email addresses of the following:

• Cyber Command
• Department of Justice
• Federal Bureau of Investigation (FBI)
• National Security Agency (NSA)

That’s just in the US. The breach also included data belonging to government agencies in Germany, the Netherlands, Taiwan, and the U.K.

A Critical Breach with Critical Consequences

We can’t deny how effective VirusTotal is. However, as reported by Germany’s Federal Office for Information Security (BSI), data is uploaded to the platform in a manner that makes it easy to expose.

Although passwords remain cloaked, usernames and email addresses are more than enough for cybercriminals to perform all sorts of malicious activities, including phishing attacks.

Individuals and organizations that may be affected by this breach are highly advised to remain vigilant all the time. Any email address they receive might be a hacking attempt.