Prospects of Russian safety agency Kaspersky are understandably interested by an e-mail they obtained yesterday, seemingly from the agency, calling them “expensive and wonderful”.
A number of customers have posted on Kaspersky’s assist discussion board involved that the e-mail – which mentions their title and e-mail tackle – suggests an unauthorised social gathering has been in a position to compromise Kaspersky’s techniques to ship the e-mail.
A few of the customers have identified that the e-mail was obtained at an e-mail tackle that the e-mail was despatched to an tackle they’d “solely given to Kaspersky.”
Did Kaspersky actually select to ship an e-mail to its prospects addressing them as “expensive and wonderful”? Had Kaspersky suffered a knowledge breach? Had a hacker discovered a technique to ship messages to the safety firm’s buyer base?
A Kaspersky worker has supplied the next clarification:
Kaspersky is conscious that some customers of the corporate’s merchandise might have just lately obtained emails from the corporate’s e-mail tackle with irrelevant content material. This e-mail was despatched following a misconfiguration within the firm’s inner IT atmosphere. Kaspersky is reaching out to the corporate’s customers to tell them of the difficulty and apologize for the inconvenience induced.
So, Kaspersky is saying a “misconfiguration” is responsible. They aren’t saying the emails have been despatched in error. They’re additionally not debunking the worry some customers had that the emails have been despatched by an unauthorised social gathering.
I imply, come on. A “misconfiguration” doesn’t trigger an e-mail to be despatched like this. What can be extra correct can be to say {that a} goof has occurred – it might be that the e-mail was despatched in error by an worker or that somebody has *exploited* a safety gap launched by way of carelessness.
Whether or not Kaspersky buyer particulars have fallen into the arms of hackers is simply too early to say based mostly upon what the corporate has mentioned. However the unauthorised e-mail blastout actually feels like some kind of safety breach.
Let’s hope Kaspersky shares extra info quickly.
Hat-tip: @touseef__
Discovered this text fascinating? Comply with Graham Cluley on Twitter to learn extra of the unique content material we put up.