Friday, July 21, 2023

Apology and Update on Recent Accidental Data Exposure

We are writing to share information about the recent customer data exposure incident on VirusTotal. We apologize for any concern or confusion this may have caused.

On June 29, an employee accidentally uploaded a CSV file to the VirusTotal platform. This CSV file contained limited information about our Premium account customers, specifically the names of companies, the associated VirusTotal group names, and the email addresses of group administrators. We removed the file, which was only accessible to partners and corporate clients, from our platform within one hour of its posting.

First and foremost, we want to clarify unequivocally: This was not the result of a cyber-attack or a vulnerability with VirusTotal. This was a human error, and there were no bad actors involved. 

This is an example of the data that was included in the CSV file:

| Company Name | VT Group | Admin group email address |
|---|---|---|
| VirusTotal S.L. | virustotal | User@virustotal.com |

We assure you that the data disclosed was limited strictly to the sort of information provided in the example above. Since this incident, we have implemented new internal processes and technical controls to improve the security and safeguarding of customer data.  

Trust is the bedrock of our community, and again we apologize for any confusion or concern this may have caused. 

If you have additional questions or would like to speak with our support team, please reach out to contact@virustotal.com.

Thank you,

The VirusTotal Team.


Additional Q&A

Q: Is my account at risk for hacking because of this incident?

No, the list only included company names, VirusTotal group tenant names and VirusTotal group administrator emails. The Premium VirusTotal platform is only accessible to partners and corporate clients.

Q: How did VirusTotal become aware of the file's existence?

This was quickly flagged by our partners and fellow analysts via our support system—we removed the file within an hour of its posting. We deeply appreciate their timely action.

Q: How did these partners and analysts notice this particular file?

Many of our customers have a Livehunt service based on YARA rules. This service helps them identify targeted attacks against their organizations, such as phishing. Some of these YARA rules search for files containing their own domains. In this instance, the file matched these rules and the system generated an alert. 
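A rule of the kind described above might look like the following. This is an added illustration, not a rule from VirusTotal or any of its customers; the domain `example.com`, the rule name, the size limit and the match threshold are all assumptions to be replaced with an organization's own values.

```yara
rule Own_Domain_In_Uploaded_File
{
    meta:
        description = "Flags small files that reference our domain or mailboxes at it"
        note = "Constructed example; example.com is a placeholder domain"

    strings:
        // Bare domain. fullword prevents hits inside longer names such as
        // "notexample.com"; wide also catches UTF-16 text (e.g. Office exports).
        $domain = "example.com" ascii wide nocase fullword

        // An email address at the domain or one of its subdomains, such as a
        // group administrator's address in a CSV export. \b stops the match
        // from running into a longer TLD like "example.community".
        $email = /[a-z0-9._%+\-]{1,64}@([a-z0-9\-]{1,63}\.){0,3}example\.com\b/ nocase

    condition:
        // Small files only: documents, scripts, CSV and phishing kits rather than
        // large installers that happen to embed the string once.
        filesize < 5MB and
        // One mailbox at our domain is enough to alert; a bare domain mention
        // must repeat to cut down on noise from incidental references.
        ($email or #domain >= 3)
}
```

A CSV listing administrator addresses for many companies would satisfy the `$email` branch for every organization running a rule like this against its own domain, which is consistent with several partners being alerted at once.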

Q: Could a malicious entity or anonymous user have downloaded the file from the VirusTotal platform?

No. The file was only accessible to our partners and cybersecurity analysts who hold a Premium account with VirusTotal. No anonymous or free account users on VirusTotal had access to the Premium platform. 

Q: Why are files uploaded and scanned on VirusTotal accessible to partners and professional security analysts via the VirusTotal Premium platform?

The VirusTotal Premium platform facilitates the discovery of new cyber attacks by industry professionals and cybersecurity experts. This shared knowledge enables the analysis of new security threats, leading to updates in security products and an overall improvement in both corporate and worldwide security.

Q: Why was an employee able to download the list in the first place? Has VirusTotal taken any measures as a result of this incident?

This list of limited customer data was critical to their role. Since this incident, we have implemented new internal processes and technical controls to improve the security and safeguarding of customer data. 

