Kaspersky blames “misconfiguration” after customers receive “dear and lovely” email

Customers of Russian security firm Kaspersky are understandably curious about an email they received yesterday, seemingly from the firm, calling them “dear and lovely”.

Multiple users have posted on Kaspersky’s support forum concerned that the email – which mentions their name and email address – suggests an unauthorised party has been able to compromise Kaspersky’s systems to send the email.

Some of the users have pointed out that the email was sent to an address they had “only given to Kaspersky.”

Did Kaspersky really choose to send an email to its customers addressing them as “dear and lovely”? Had Kaspersky suffered a data breach? Had a hacker found a way to send messages to the security company’s customer base?

A Kaspersky employee has offered the following explanation:

Kaspersky is aware that some users of the company’s products may have recently received emails from the company’s email address with irrelevant content. This email was sent following a misconfiguration in the company’s internal IT environment. Kaspersky is reaching out to the company’s users to inform them of the issue and apologize for the inconvenience caused.

So, Kaspersky is saying a “misconfiguration” is to blame. They are not saying the emails were sent in error. They’re also not debunking the fear some users had that the emails were sent by an unauthorised party.

I mean, come on. A “misconfiguration” doesn’t cause an email to be sent like this. What would be more accurate would be to say that a goof has occurred – it may be that the email was sent in error by an employee or that someone has *exploited* a security hole introduced through carelessness.

It is too early to say, based upon what the company has said, whether Kaspersky customer details have fallen into the hands of hackers. But the unauthorised email blastout certainly sounds like some type of security breach.

Let’s hope Kaspersky shares more information soon.

Hat-tip: @touseef__

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.
