VirusTotal, an anti-malware solution provider, is now offering a service that can collect credentials stolen by malicious software, aka malware. The Ireland-based company states that the information might have been uploaded to its cloud by users who wanted to check whether it is free from any kind of malware, without knowing that it contains critical details.
To prove it, researchers from SafeBreach purchased a €600 license from the anti-malware firm to collect over 1,000,000 usernames and passwords stored in the company's cloud-based database.
Tomer Bar, the Director of Security Research at SafeBreach, confirmed the report and stated that the data, which has now landed in the hands of its researchers, must have been uploaded onto the servers of VirusTotal either by mistake or on purpose.
So the next question is how to find the data in the company's database.
It's simple: VirusTotal's APIs and tools can be used to search for the data, a method similar to Google hacking or dorking. Such searches can find sensitive credentials belonging to email and social media accounts, accounts for shopping on e-commerce websites, online payment service accounts, gaming platform details, login information for some government utility websites, streaming service information, online banking details and, in the rarest cases, details related to private keys that open cryptocurrency wallets.
Google, the actual owner of VirusTotal, has taken note of the situation and has been advised by SafeBreach's security researchers to search for any sensitive information and delete it immediately.
The Alphabet Inc. subsidiary has also given an assurance that it will soon introduce a data storage algorithm that will disallow users from uploading files containing plain text and encrypted information in text or images that can only be accessed with password inputs.