Free Tool Consequences (VirusTotal)

General Apr 1, 2019

There is a huge arsenal of tools available to the cyber-curious to stay safe online. VirusTotal is one such tool, marketing itself as having the capability to "Analyze suspicious files and URLs to detect types of malware, automatically sharing them with the security community". Rather than having to submit one file to multiple third-party scanners, VirusTotal leverages 70+ scanner and blacklisting services, showing a verdict for each and giving greater confidence in the overall result. If a file may contain confidential information, VirusTotal gives you the option to submit a file hash instead; if the file has been submitted previously, its scan results will be shown. In addition to scan engine output, there is a community section where logged-in users can vote on whether the file is safe and submit comments. Creating an account (free to sign up) also allows for other privileged actions, such as downloading a file that has been uploaded. This is very powerful for researchers but has severe implications.

The nightmare of confidential data and PII being uploaded because a file looked suspicious plays out every day. Not only are documents containing sensitive information scanned and subsequently made available for download, but URLs and suspicious links are also entered in the hope of confirming whether they are malicious. Those links can lead to shared folders, URLs with personal identifiers, and other juicy data points.


Be careful when using online tools as part of your workflow. If you see something unique in the URL, remember to modify it, as the information will be public once scanned for validity. From personal experience, I have found domains referencing URLs with multiple corporate users. Further investigation shows those users all belong to financial departments. Additional review could lead to more nuanced or holistic conclusions, such as identifying a targeted campaign. For the safest option, get the checksum of a file and search VirusTotal to see if results exist. You also have the option to reanalyze files if the last scan date is not current. If something sensitive is accidentally uploaded, whether personal, corporate, or otherwise, refer to the support article on how to contact support.
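The two precautions above (search by checksum instead of uploading, and modify unique URL parts before scanning), as an added example that is not part of the original post. The function names, the `REDACTED` marker and the identifier heuristics are assumptions of this sketch, and the sample link is constructed.

```python
import hashlib
import re
import sys
from urllib.parse import unquote, urlsplit, urlunsplit

# Heuristics (assumptions of this example): a path segment that is an e-mail
# address, or a 20+ character token, is treated as a per-user identifier.
# Long ordinary names may be over-redacted, which is the safe direction.
EMAIL_RE = re.compile(r"[^/@\s]+@[^/@\s]+\.[^/@\s]+")
TOKEN_RE = re.compile(r"[A-Za-z0-9_=-]{20,}")


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file locally so only the digest is searched, not the content."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scrub_url(url):
    """Return (scrubbed_url, removed_parts) with unique identifiers stripped."""
    parts = urlsplit(url)
    removed = []
    netloc = parts.netloc.rpartition("@")[2]  # drop user:password@
    if netloc != parts.netloc:
        removed.append("userinfo")
    segments = []
    for seg in parts.path.split("/"):
        plain = unquote(seg)  # catch %40-encoded addresses too
        if EMAIL_RE.fullmatch(plain) or TOKEN_RE.fullmatch(plain):
            removed.append("path")
            seg = "REDACTED"
        segments.append(seg)
    if parts.query:
        removed.append("query")
    if parts.fragment:
        removed.append("fragment")
    return urlunsplit((parts.scheme, netloc, "/".join(segments), "", "")), removed


if __name__ == "__main__":
    # Constructed sample link; pass a file path as argv[1] to hash it.
    sample = ("https://files.example.com/share/jane.doe%40corp.example/"
              "Zx81kq0PLmN3tUvW9aBcD4eF/invoice.pdf?uid=4821#page=2")
    print(scrub_url(sample))
    if len(sys.argv) > 1:
        print(sha256_of_file(sys.argv[1]))
```

Dropping the whole query string and fragment is deliberate: it loses some fidelity about the exact page, but the host and path are usually enough for a reputation check.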

Reference:
https://www.virustotal.com/#/home/upload
https://www.engadget.com/2012/09/07/google-acquires-virustotal/
https://support.virustotal.com/hc/en-us/articles/115002093689-I-accidentally-uploaded-a-file-with-confidential-or-sensitive-information-to-VirusTotal-can-you-please-delete-it-
