Mystery surrounds the origin of a leak on Pastebin containing what looked like the full contact details on tech personnel at hundreds of UK organizations.
The leaked document features names of people, the firms they worked for, email addresses, and phone numbers (mobile and landline). It surfaced on Sunday, and purported to come from the internal files of Kaspersky Lab. We only have the word of the unidentified person who leaked the information for this suggestion. Kaspersky Lab firmly denied its systems had been compromised, telling The Register today:
We are aware of the post on Pastebin purporting to be Kaspersky Lab customer information, and have cross-referenced this against our own internal databases and those held by third-party suppliers. We are confident that this information does not match any Kaspersky Lab lists, and that no customer data has been compromised from our sources. However, we do not exclude the fact that the data from the published list may have been compromised through some other sources not related to Kaspersky Lab.
Respecting and protecting customers' data is a fundamental principle of our business. Over 270,000 clients, ranging from small and medium-sized businesses to large organizations worldwide, have entrusted Kaspersky Lab to protect their digital valuables and we take this responsibility seriously. We are constantly working on ensuring our customers' data is stored securely.
The source of the leaked document, which was pulled offline by Pastebin on Tuesday afternoon, remains altogether unclear. ®
El Reg learned of the leak from a reader, Kevin, who was tipped off that his details had been exposed by Troy Hunt's Have I been Pwned? website – which alerts subscribers if their email address appears in dumps to Pastebin and similar sites.