The security breach, which involves a database of 5,600 names in a 313KB file, was first disclosed yesterday by Der Spiegel and Der Standard.
Launched in 2004, VirusTotal is a popular service that uses an antivirus engine and website scanner to analyze suspicious files and URLs to detect types of malware and malicious content. It was acquired by Google in 2012 and became a subsidiary of the Chronicle unit of Google Cloud in 2018.
When contacted for comment, Google confirmed the leak and said it had taken immediate steps to remove the data.
“We are aware of the inadvertent distribution of a small segment of customer group administrator emails and organization names on the VirusTotal platform by one of our employees,” a Google Cloud spokesperson told The Hacker News.
“We removed the listing from the platform within an hour of posting and we are reviewing our internal processes and technical controls to improve our operations in the future.”
The data includes accounts linked to official U.S. bodies such as Cyber Command, the Department of Justice, the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA). Other accounts belong to government agencies in Germany, the Netherlands, Taiwan and the U.K.
Last year, Germany’s Federal Information Security Office (BSI) warned against automatically uploading suspicious email attachments to VirusTotal, noting that doing so could expose sensitive information.