Kaspersky blames “misconfiguration” after customers receive “dear and lovely” email

Graham Cluley
@gcluley

Kaspersky blames "misconfiguration" after customers receive "dear and lovely" email

Customers of Russian security firm Kaspersky are understandably curious about an email they received yesterday, seemingly from the firm, calling them “dear and lovely”.

Multiple users have posted on Kaspersky’s support forum concerned that the email – which mentions their name and email address – suggests an unauthorised party has been able to compromise Kaspersky’s systems to send the email.

Sign up to our newsletter
Security news, advice, and tips.

Some users have pointed out that the email was received at an email address that they had “only given to Kaspersky.”

Did Kaspersky really choose to send an email to its customers addressing them as “dear and lovely”? Had Kaspersky suffered a data breach? Had a hacker found a way to send messages to the security company’s customer base?

A Kaspersky employee has offered the following explanation:

Kaspersky is aware that some users of the company’s products may have recently received emails from the company’s email address with irrelevant content. This email was sent following a misconfiguration in the company’s internal IT environment. Kaspersky is reaching out to the company’s users to inform them of the issue and apologize for the inconvenience caused.

So, Kaspersky is saying a “misconfiguration” is to blame. They are not saying the emails were sent in error. They’re also not debunking the fear some users had that the emails were sent by an unauthorised party.

I mean, come on. A “misconfiguration” doesn’t cause an email to be sent like this. What would be more accurate would be to say that a goof has occurred – it may be that the email was sent in error by an employee, or that someone has *exploited* a security hole introduced through carelessness.

Whether Kaspersky customer details have fallen into the hands of hackers is too early to say based upon what the company has said. But the unauthorised email blastout certainly sounds like some type of security breach.

Let’s hope Kaspersky shares more information soon.

Hat-tip: @touseef__

Update:

Kaspersky has been in touch with the following statement:

The email was an error, not a data breach. An email used by the IT team for tests was sent from a staging environment to real users by mistake. Kaspersky is reaching out to the company’s users to inform them of the issue and apologise for the inconvenience caused.

Kaspersky is aware that some users of the company’s products may have recently received emails from the company’s email address with irrelevant content. This email was sent following a misconfiguration in the company’s internal IT environment.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

6 comments on “Kaspersky blames “misconfiguration” after customers receive “dear and lovely” email”

  1. Trevor Wood

    Interesting. My wife received one of these emails. However, Kaspersky shouldn't have her email address as the account is under my name and a different email domain

    1. Hellfire · in reply to Trevor Wood

      Maybe someone is behind this. Customer details if leaked could allow others to do a background check on the customer details and deanonymise the details of spouse and family. If what you say is true, then it's far from a misconfiguration and done with full intention, most likely by a white hat hacker to uncover the security flaws of the company systems.

  2. Ragna

    I've received this email too… I've never registered for the Kaspersky site or services. Email was sent through a Wierd Adobe server stage.adobe-campaign.com [192.243.244.1].

  3. Ian

    Kaspersky has also been busy billing customers who have cancelled their subscriptions

  4. emailadmin

    Yes, a simple misconfiguration of one parameter (e.g. relay all messages) does make this possible. Don't talk about how email servers work if you don't know how email servers work.

  5. Syed Irfan Naseer

    this could be misconfiguration and this has happened to me..
    if you put an email address in SMTP authentication in any ticketing system and use the same email address for from email address then all the people who sent email till date will receive the draft email which is set to send email automatically.

What do you think? Leave a comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.