Customers of Russian security firm Kaspersky are understandably curious about an email they received yesterday, seemingly from the company, calling them “expensive and beautiful”.
A number of users have posted on Kaspersky’s support forum, concerned that the email – which mentions their name and email address – suggests an unauthorised party has been able to compromise Kaspersky’s systems to send the email.
Some users have pointed out that the email was received at an email address that they’d “solely given to Kaspersky.”
Did Kaspersky really choose to send an email to its customers addressing them as “expensive and beautiful”? Had Kaspersky suffered a data breach? Had a hacker found a way to send messages to the security firm’s customer base?
A Kaspersky employee has offered the following explanation:
Kaspersky is aware that some users of the company’s products may have recently received emails from the company’s email address with irrelevant content. This email was sent following a misconfiguration in the company’s internal IT environment. Kaspersky is reaching out to the company’s users to inform them of the issue and apologize for the inconvenience caused.
So, Kaspersky is saying a “misconfiguration” is responsible. They aren’t saying the emails were sent in error. They’re also not debunking the fear some users had that the emails were sent by an unauthorised party.
I mean, come on. A “misconfiguration” doesn’t cause an email to be sent like this. What would be more accurate would be to say that a goof has occurred – it could be that the email was sent in error by an employee, or that someone has *exploited* a security hole introduced through carelessness.
Whether Kaspersky customer details have fallen into the hands of hackers is too early to say based upon what the company has said. But the unauthorised email blastout certainly looks like some kind of security breach.
Let’s hope Kaspersky shares more information soon.
Hat-tip: @touseef__
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.