Prospects of Russian safety agency Kaspersky are understandably interested by an e-mail they obtained yesterday, seemingly from the agency, calling them “pricey and wonderful”.
A number of customers have posted on Kaspersky’s help discussion board involved that the e-mail – which mentions their title and e-mail deal with – suggests an unauthorised social gathering has been in a position to compromise Kaspersky’s programs to ship the e-mail.
Some customers have identified that the e-mail was obtained at an e-mail deal with that they’d “solely given to Kaspersky.”
Did Kaspersky actually select to ship an e-mail to its prospects addressing them as “pricey and wonderful”? Had Kaspersky suffered a knowledge breach? Had a hacker discovered a strategy to ship messages to the safety firm’s buyer base?
A Kaspersky worker has provided the next rationalization:
Kaspersky is conscious that some customers of the corporate’s merchandise could have just lately obtained emails from the corporate’s e-mail deal with with irrelevant content material. This e-mail was despatched following a misconfiguration within the firm’s inside IT setting. Kaspersky is reaching out to the corporate’s customers to tell them of the problem and apologize for the inconvenience induced.
So, Kaspersky is saying a “misconfiguration” is in charge. They don’t seem to be saying the emails had been despatched in error. They’re additionally not debunking the concern some customers had that the emails had been despatched by an unauthorised social gathering.
I imply, come on. A “misconfiguration” doesn’t trigger an e-mail to be despatched like this. What can be extra correct can be to say {that a} goof has occurred – it might be that the e-mail was despatched in error by an worker, or that somebody has *exploited* a safety gap launched by means of carelessness.
Whether or not Kaspersky buyer particulars have fallen into the palms of hackers is simply too early to say based mostly upon what the corporate has stated. However the unauthorised e-mail blastout definitely appears like some kind of safety breach.
Let’s hope Kaspersky shares extra info quickly.
Hat-tip: @touseef__
Replace:
Kaspersky has been in contact with the next assertion:
The e-mail was an error, not a knowledge breach. An e-mail utilized by the IT crew for exams was despatched from a staging setting to actual customers by mistake. Kaspersky is reaching out to the corporate’s customers to tell them of the problem and apologise for the inconvenience induced.
Kaspersky is conscious that some customers of the corporate’s merchandise could have just lately obtained emails from the corporate’s e-mail deal with with irrelevant content material. This e-mail was despatched following a misconfiguration within the firm’s inside IT setting.
Discovered this text fascinating? Comply with Graham Cluley on Twitter to learn extra of the unique content material we submit.