VirusTotal apologized on Friday for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file containing their info to the platform last month.
The data leak impacted only Premium account customers, with the uploaded file containing their names and corporate email addresses.
Emiliano Martines, the online malware scanning service’s head of product management, also assured impacted customers that the incident was caused by human error and was not the result of a cyber-attack or any vulnerability with VirusTotal.
Furthermore, the leaked file was only accessible to VirusTotal partners and cybersecurity analysts with a Premium account with the platform.
Those using anonymous or free accounts cannot access the Premium platform and, consequently, cannot reach the leaked file.
“On June 29, an employee accidentally uploaded a CSV file to the VirusTotal platform. This CSV file contained limited information of our Premium account customers, specifically the names of companies, the associated VirusTotal group names, and the email addresses of group administrators,” Martines said on Friday.
“We removed the file, which was only accessible to partners and corporate clients, from our platform within one hour of its posting.”
Leaked info linked to government agencies worldwide
German news outlets Der Spiegel and Der Standard were the first to report the incident on Monday.
As they reported, the 313KB leaked file contained details concerning accounts associated with official U.S. entities, including the Cyber Command, Department of Justice, Federal Bureau of Investigation (FBI), and the National Security Agency (NSA).
Additionally, the file included accounts linked to government agencies in Germany, the Netherlands, Taiwan, and the United Kingdom.
“It is a list of 5600 names, including employees of the US intelligence service NSA and German intelligence services,” Der Spiegel said.
“Twenty accounts alone lead to the ‘Cyber Command’ of the USA, part of the American military and hub for offensive and defensive hacking operations. Also represented: the US Department of Justice, the US Federal Police FBI, and the Secret Service NSA.”
The file also contained information on employees of national authorities in the Netherlands, Taiwan, and the United Kingdom, as well as German government agencies, including the Federal Intelligence Service, the Federal Police, and the Military Counterintelligence Service (MAD).
Information on dozens of employees at Bundesbank, Deutsche Bahn, Allianz, BMW, Mercedes-Benz, and Deutsche Telekom was also found in the leaked file.
Source: www.bleepingcomputer.com