Kaspersky blames “misconfiguration” after customers receive “dear and lovely” email

Kaspersky blames "misconfiguration" after customers receive "dear and lovely" email

Customers of Russian security firm Kaspersky are understandably curious about an email they received yesterday, seemingly from the firm, calling them “dear and lovely”.

Suspicious email

Multiple users have posted on Kaspersky’s support forum concerned that the email – which mentions their name and email address – suggests an unauthorised party has been able to compromise Kaspersky’s systems to send the email.

Sign up to our free newsletter.
Security news, advice, and tips.

Some users have pointed out that the email was received at an email address that they had “only given to Kaspersky.”

Did Kaspersky really choose to send an email to its customers addressing them as “dear and lovely”? Had Kaspersky suffered a data breach? Had a hacker found a way to send messages to the security company’s customer base?

A Kaspersky employee has offered the following explanation:

Kaspersky is aware that some users of the company’s products may have recently received emails from the company’s email address with irrelevant content. This email was sent following a misconfiguration in the company’s internal IT environment. Kaspersky is reaching out to the company’s users to inform them of the issue and apologize for the inconvenience caused.

So, Kaspersky is saying a “misconfiguration” is to blame. They are not saying the emails were sent in error. They’re also not debunking the fear some users had that the emails were sent by an unauthorised party.

I mean, come on. A “misconfiguration” doesn’t cause an email to be sent like this. What would be more accurate would be to say that a goof has occurred – it may be that the email was sent in error by an employee, or that someone has *exploited* a security hole introduced through carelessness.

Whether Kaspersky customer details have fallen into the hands of hackers is too early to say based upon what the company has said. But the unauthorised email blastout certainly sounds like some type of security breach.

Let’s hope Kaspersky shares more information soon.

Hat-tip: @touseef__

Update:

Kaspersky has been in touch with the following statement:

The email was an error, not a data breach. An email used by the IT team for tests was sent from a staging environment to real users by mistake. Kaspersky is reaching out to the company’s users to inform them of the issue and apologise for the inconvenience caused.

Kaspersky is aware that some users of the company’s products may have recently received emails from the company’s email address with irrelevant content. This email was sent following a misconfiguration in the company’s internal IT environment.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

7 comments on “Kaspersky blames “misconfiguration” after customers receive “dear and lovely” email”

  1. Trevor Wood

    Interesting. My wife received one of these emails. However, Kaspersky shouldn't have her email address as the account is under my name and a different email domain

    1. Hellfire · in reply to Trevor Wood

      Maybe someone is behind this. Customer details if leaked could allow others to do a background check on the customer details and deanonymise the details of spouse and family. If what you say is true, then it's far from a misconfiguration and done with full intention, most likely by a white hat hacker to uncover the security flaws of the company systems.

  2. Ragna

    I've received this email too… I've never registered for the Kaspersky site or services. Email was sent through a Wierd Adobe server stage.adobe-campaign.com [192.243.244.1].

  3. Ian

    Kaspersky has also been busy billing customers who have cancelled their subscriptions

  4. emailadmin

    Yes, a simple misconfiguration of one parameter (e.g. relay all messages) does make this possible. Don't talk about how email servers work if you don't know how email servers work.

  5. Syed Irfan Naseer

    this could be misconfiguration and this has happened to me..
    if you put an email address in SMTP authentication in any ticketing system and use the same email address for from email address then all the people who sent email till date will receive the draft email which is set to send email automatically.

  6. Abishek

    Looks like the domain doesn't belong to Kaspersky.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.