VirusTotal apologized on Friday for leaking the information of more than 5,600 customers after an employee mistakenly uploaded a CSV file containing their information to the platform last month.
The data leak only affected Premium account customers, with the uploaded file containing their names and corporate email addresses.
Emiliano Martines, product management manager of the online malware scanning service, also assured affected customers that the incident was caused by human error and was not the result of a cyberattack or a VirusTotal vulnerability.
Additionally, the leaked file was only accessible to VirusTotal partners and cybersecurity analysts with a Premium account on the platform.
Those using anonymous or free accounts cannot access the Premium platform and therefore cannot access the leaked file.
“On June 29, an employee accidentally uploaded a CSV file to the VirusTotal platform. This CSV file contained limited information about our Premium Account customers, specifically company names, associated VirusTotal group names, and group administrator email addresses,” Martines said Friday.
“We removed the file, which was only accessible to partners and corporate clients, from our platform within an hour of posting it online.”
Leak of information related to government agencies around the world
As they reported, the leaked 313KB file contained details of accounts associated with official US entities, including Cyber Command, the Department of Justice, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA).
Additionally, the file included accounts linked to government agencies in Germany, the Netherlands, Taiwan, and the United Kingdom.
“It’s a list of 5,600 names, including employees of the US intelligence service NSA and German intelligence services”, Der Spiegel said.
“Twenty accounts alone lead to the United States’ Cyber Command, part of the United States military and a hub for offensive and defensive hacking operations. Also represented are: the United States Department of Justice, the United States Federal Police FBI, and the NSA Secret Service.”
The file also contained information on employees of national authorities in the Netherlands, Taiwan and the United Kingdom, as well as German government agencies, including the Federal Intelligence Service, the Federal Police and the Military Counterintelligence Service (MAD).
Information on dozens of employees of the Bundesbank, Deutsche Bahn, Allianz, BMW, Mercedes-Benz and Deutsche Telekom was also found in the leaked file.