Prospects of Russian safety agency Kaspersky are understandably inquisitive about an e mail they acquired yesterday, seemingly from the agency, calling them “expensive and wonderful”.
A number of customers have posted on Kaspersky’s help discussion board involved that the e-mail – which mentions their identify and e mail handle – suggests an unauthorised celebration has been capable of compromise Kaspersky’s techniques to ship the e-mail.
Some customers have identified that the e-mail was acquired at an e mail handle that that they had “solely given to Kaspersky.”
Did Kaspersky actually select to ship an e mail to its clients addressing them as “expensive and wonderful”? Had Kaspersky suffered an information breach? Had a hacker discovered a method to ship messages to the safety firm’s buyer base?
A Kaspersky worker has supplied the next rationalization:
Kaspersky is conscious that some customers of the corporate’s merchandise could have not too long ago acquired emails from the corporate’s e mail handle with irrelevant content material. This e mail was despatched following a misconfiguration within the firm’s inside IT surroundings. Kaspersky is reaching out to the corporate’s customers to tell them of the difficulty and apologize for the inconvenience induced.
So, Kaspersky is saying a “misconfiguration” is accountable. They don’t seem to be saying the emails had been despatched in error. They’re additionally not debunking the worry some customers had that the emails had been despatched by an unauthorised celebration.
I imply, come on. A “misconfiguration” doesn’t trigger an e mail to be despatched like this. What can be extra correct can be to say {that a} goof has occurred – it could be that the e-mail was despatched in error by an worker, or that somebody has *exploited* a safety gap launched by way of carelessness.
Whether or not Kaspersky buyer particulars have fallen into the fingers of hackers is just too early to say primarily based upon what the corporate has stated. However the unauthorised e mail blastout actually feels like some kind of safety breach.
Let’s hope Kaspersky shares extra data quickly.
Hat-tip: @touseef__
Replace:
Kaspersky has been in contact with the next assertion:
The e-mail was an error, not an information breach. An e mail utilized by the IT group for checks was despatched from a staging surroundings to actual customers by mistake. Kaspersky is reaching out to the corporate’s customers to tell them of the difficulty and apologise for the inconvenience induced.
Kaspersky is conscious that some customers of the corporate’s merchandise could have not too long ago acquired emails from the corporate’s e mail handle with irrelevant content material. This e mail was despatched following a misconfiguration within the firm’s inside IT surroundings.
Discovered this text fascinating? Observe Graham Cluley on Twitter to learn extra of the unique content material we submit.
