Hacker News

He used the Retrohunt service, which is part of VirusTotal (https://virustotal.readme.io/docs/searching), a service that allows developers to scan files for vulnerabilities. Apparently, VirusTotal stores files and allows third parties to rescan these files later. Sounds like a vulnerability of this service and a terrible practice. How can you expose your user files to any arbitrary access? Of course you should not put your secrets into a file you upload to some virus scan, but how many users know that a file they upload will be accessible publicly?


Your link just says they store the scan result, which can be accessed without submitting the file.

>VirusTotal stores the analyses and report. This allows users to query for reports given an MD5, SHA1, SHA256 or URL and render them without having to resubmit the items (whether URLs or files) for scanning



