Customers of Russian security firm Kaspersky are understandably curious about an email they received yesterday, seemingly from the firm, calling them “dear and lovely”.
Multiple users have posted on Kaspersky’s support forum concerned that the email – which mentions their name and email address – suggests an unauthorised party has been able to compromise Kaspersky’s systems to send the email.
Some users have pointed out that the email was received at an email address that they had “only given to Kaspersky.”
Did Kaspersky really choose to send an email to its customers addressing them as “dear and lovely”? Had Kaspersky suffered a data breach? Had a hacker found a way to send messages to the security company’s customer base?
A Kaspersky employee has offered the following explanation:
Kaspersky is aware that some users of the company’s products may have recently received emails from the company’s email address with irrelevant content. This email was sent following a misconfiguration in the company’s internal IT environment. Kaspersky is reaching out to the company’s users to inform them of the issue and apologize for the inconvenience caused.
So, Kaspersky is saying a “misconfiguration” is to blame. They are not saying the emails were sent in error. They’re also not debunking the fear some users had that the emails were sent by an unauthorised party.
I mean, come on. A “misconfiguration” doesn’t cause an email to be sent like this. What would be more accurate would be to say that a goof has occurred – it may be that the email was sent in error by an employee, or that someone has *exploited* a security hole introduced through carelessness.
Whether Kaspersky customer details have fallen into the hands of hackers is too early to say based upon what the company has said. But the unauthorised email blastout certainly sounds like some type of security breach.
Let’s hope Kaspersky shares more information soon.
Hat-tip: @touseef__
Update:
Kaspersky has been in touch with the following statement:
The email was an error, not a data breach. An email used by the IT team for tests was sent from a staging environment to real users by mistake. Kaspersky is reaching out to the company’s users to inform them of the issue and apologise for the inconvenience caused.
Kaspersky is aware that some users of the company’s products may have recently received emails from the company’s email address with irrelevant content. This email was sent following a misconfiguration in the company’s internal IT environment.
Interesting. My wife received one of these emails. However, Kaspersky shouldn't have her email address as the account is under my name and a different email domain
Maybe someone is behind this. Customer details if leaked could allow others to do a background check on the customer details and deanonymise the details of spouse and family. If what you say is true, then it's far from a misconfiguration and done with full intention, most likely by a white hat hacker to uncover the security flaws of the company systems.
I've received this email too… I've never registered for the Kaspersky site or services. Email was sent through a Wierd Adobe server stage.adobe-campaign.com [192.243.244.1].
Kaspersky has also been busy billing customers who have cancelled their subscriptions
Yes, a simple misconfiguration of one parameter (e.g. relay all messages) does make this possible. Don't talk about how email servers work if you don't know how email servers work.
this could be misconfiguration and this has happened to me..
if you put an email address in SMTP authentication in any ticketing system and use the same email address for from email address then all the people who sent email till date will receive the draft email which is set to send email automatically.
Looks like the domain doesn't belong to Kaspersky.