We are writing to share information about the recent customer data exposure incident on VirusTotal. We apologize for any concern or confusion this may have caused.
On June 29, an employee accidentally uploaded a CSV file to the VirusTotal platform. This CSV file contained limited information of our Premium account customers, specifically the names of companies, the associated VirusTotal group names, and the email addresses of group administrators. We removed the file, which was only accessible to partners and corporate clients, from our platform within one hour of its posting.
First and foremost, we want to clarify unequivocally: This was not the result of a cyber-attack or a vulnerability with VirusTotal. This was a human error, and there were no bad actors involved.
This is an example of the data that was included in the CSV file: