Learn from Virustotal data leak. Don't carelessly submit your personal info

[SeriouslyGiveaway]

VirusTotal recently have a data leak of 5600 customers because one of their staffs mistakenly uploaded an incorrect CSV file.

They said sorry but as customers, we know our information is gone. From the Virustotal leak, lesson we can learn is we should self restrict where we submit our personal information. As least as possible because the more platforms we submit such personal information, more such data leak will happen in future.

VirusTotal today issued a mea culpa, saying a blunder earlier this week by one of its staff exposed information belonging to 5,600 customers, including the email addresses of US Cyber Command, FBI, and NSA employees.

The unintentional leak was due to the layer-eight problem; human error. On June 29, an employee accidentally uploaded a .csv file of customer info to VirusTotal itself, said Emiliano Martinez, tech lead of the Google-owned malware analysis site.

“This CSV file contained limited information of our Premium account customers, specifically the names of companies, the associated VirusTotal group names, and the email addresses of group administrators,” Martinez wrote in a Friday disclosure.

https://www.databreaches.net/virustotal-were-sorry-someone-fat-fingered-and-exposed-5600-users/
https://www.theregister.com/2023/07/21/virustotal_data_exposure_apology/
https://www.malwarebytes.com/blog/news/2023/07/accidental-virustotal-upload-is-a-valuable-reminder-to-double-check-what-you-share
https://www.bleepingcomputer.com/news/security/virustotal-apologizes-for-data-leak-affecting-5-600-customers/

[1714696144]

1714696144

[1714696144]

1714696144

[1714696144]

1714696144

[Porfirii]

The problem here is that more and more services require some kind of personal info, where not directly KYC. In some cases they have legal obligation to do that, in some others they need the info to provide the service. In these cases one should think it twice before using them, if there is no real need or you can find the same thing without submitting personal data. In some cases these data will be used against you, we all know, but even if the managers of the service act in good faith, cases like this one remember that we should alway protect that info. In Europe we have the best laws in the world on this, but nobody is protected from leaks like that.

[SeriouslyGiveaway]

The problem here is that more and more services require some kind of personal info, where not directly KYC. In some cases they have legal obligation to do that, in some others they need the info to provide the service. In these cases one should think it twice before using them, if there is no real need or you can find the same thing without submitting personal data.

If we can find alternatives and can use them without requirements with personal information, we should choose and use alternatives. Security wise and we don't have to sleep with fear of our personal information is leak at night.

[Doan9269]

We don't have to totally rely on centralized Institutions that our informations with them are secured, some users will go to the extent of giving them their private keys details to help them keep because they think they are corperate organization and wouldn't spy on their data, the real truth here is that as long as you're not decentralized you're not safe, be deliberate about every bit of informations submitted in other for you not to regret your actions later when they might have introduced malwares to spy on your private data with them.