Shoppers of Russian safety company Kaspersky are understandably enthusiastic about an e-mail they won the day gone by, reputedly from the company, calling them “pricey and wonderful”.
A couple of customers have posted on Kaspersky’s toughen discussion board involved that the e-mail – which mentions their identify and e-mail cope with – suggests an unauthorised birthday party has been in a position to compromise Kaspersky’s methods to ship the e-mail.
Some customers have identified that the e-mail used to be won at an e-mail cope with that that they had “best given to Kaspersky.”
Did Kaspersky truly make a selection to ship an e-mail to its shoppers addressing them as “pricey and wonderful”? Had Kaspersky suffered an information breach? Had a hacker discovered a approach to ship messages to the safety corporate’s buyer base?
A Kaspersky worker has presented the next rationalization:
Kaspersky is conscious that some customers of the corporate’s merchandise will have lately won emails from the corporate’s e-mail cope with with beside the point content material. This e-mail used to be despatched following a misconfiguration within the corporate’s inner IT atmosphere. Kaspersky is achieving out to the corporate’s customers to tell them of the problem and ask for forgiveness for the inconvenience brought about.
So, Kaspersky is pronouncing a “misconfiguration” is accountable. They don’t seem to be pronouncing the emails had been despatched in error. They’re additionally now not debunking the worry some customers had that the emails had been despatched by way of an unauthorised birthday party.
I imply, come on. A “misconfiguration” doesn’t motive an e-mail to be despatched like this. What can be extra correct can be to mention {that a} goof has happened – it can be that the e-mail used to be despatched in error by way of an worker, or that somebody has *exploited* a safety hollow presented thru carelessness.
Whether or not Kaspersky buyer main points have fallen into the palms of hackers is just too early to mention based totally upon what the corporate has stated. However the unauthorised e-mail blastout definitely seems like some form of safety breach.
Let’s hope Kaspersky stocks additional information quickly.
Hat-tip: @touseef__
Replace:
Kaspersky has been in contact with the next commentary:
The e-mail used to be an error, now not an information breach. An e-mail utilized by the IT staff for assessments used to be despatched from a staging atmosphere to actual customers by way of mistake. Kaspersky is achieving out to the corporate’s customers to tell them of the problem and apologise for the inconvenience brought about.
Kaspersky is conscious that some customers of the corporate’s merchandise will have lately won emails from the corporate’s e-mail cope with with beside the point content material. This e-mail used to be despatched following a misconfiguration within the corporate’s inner IT atmosphere.
Discovered this text attention-grabbing? Practice Graham Cluley on Twitter to learn extra of the unique content material we publish.