Google’s malware scanning platform VirusTotal published an recent apology after hundreds of individuals working for defense and intelligence agencies globally had their names and email addresses accidentally exposed by an employee.
In a public statement, VirusTotal said it apologized “for any concern or confusion” the exposure may have caused and said it took place on 29 June, when the employee accidentally uploaded a CSV file to the platform.[1] “This CSV file contained limited information of our Premium account customers, specifically the names of companies, the associated VirusTotal group names, and the email addresses of group administrators. We removed the file, which was only accessible to partners and corporate clients, from our platform within one hour of its posting.”
The company stressed that the incident was not the result of a cyberattack or a vulnerability, but simply human error. It said that since the incident the platform has “implemented new internal processes and technical controls to improve the security and safeguarding of customer data.”
The list of 5,600 customers, which was seen by Recorded Future News, included hundreds of email addresses in the format “firstname.lastname@” for personnel working in sensitive government departments.
It identifies individuals affiliated with US Cyber Command and the National Security Agency, as well as with the Pentagon, the FBI, and several US military service branches. It reveals some military personnel are using email providers other than those connected to official domains as part of their threat intelligence work, with user accounts for some organizations and military commands registered to Gmail, Hotmail, and Yahoo.
From the United Kingdom, it contains the names of a dozen Ministry of Defense personnel as well as emails belonging to staff at the CERT-UK function of the National Cyber Security Center, a part of GCHQ. Keeping with GCHQ’s email format, the NCSC emails include only an initial for each users’ surname.
Full names are recognizable in the email addresses belonging to specialists working at the MoD, as well as at the Cabinet Office, the Nuclear Decommissioning Authority, and the Pensions Regulator. None of these agencies expressed concern about the incident when contacted by Recorded Future News, and spokespeople generally described it as a low-risk incident.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5993554863383553632
Comments