Kaspersky Antivirus software has allowed millions of its users to be tracked for years, according to a new report. A German website reported on Thursday that the software injected JavaScript code into every browser opened on a test laptop.

According to Ronald Eikenberg of C'T Magazine, the injected JavaScript code contained a unique ID number which was replicated on every webpage.

"My inquiries revealed that the leak was introduced with Kaspersky's '2016' editions, released in the Autumn of 2015. And the UUID wasn't hidden. If I was able to find it by happenstance, various people, from eager marketers to malicious attackers may have been exploiting it for almost four years," he stated in an article titled "Kasper-Spy: Kaspersky Anti-Virus puts users at risk" in the magazine published Thursday.

The fact that this script was injected, means that many users might have been tracked and hackers might have misused the data collected. Even if users enabled incognito mode, they can still be tracked.

Kaspersky has also issued an official statement on the matter, "After our internal research, we have concluded that such scenarios of user's privacy compromise are theoretically possible but are unlikely to be carried out in practice, due to their complexity and low profitability for cybercriminals. Nevertheless, we are constantly working on improving our technologies and products, resulting in a change in this process. We'd like to thank Ronald Eikenberg for reporting this to us."

In case you own this version of the Kaspersky Antivirus, you should check the settings of the software. Go into the settings, then navigate to Additional/Network, going to Traffic Processing and unchecking "Inject script into web traffic to interact with web pages."

While many web browsers already track users, injecting JavaScript into every web page is a far reach.

Kaspersky has already been notified of the problem and the company has confirmed that the problem exists on all versions of the antivirus. The company stated that it has fixed the problem in a June update and it has also "alerted users about the flaw."

Kaspersky real-time cyberthreat map
Kaspersky uses its intrusion detection as well as web and mail anti-virus programs to scan for threats and attacks Kaspersky Labs

Kaspersky, along with other firms such as Huawei, is already under the scanner of the U.S. government. Kaspersky has its headquarters in Moscow, Russia and security agencies have repeatedly accused the company of being complicit in espionage. While nothing has been expressly proved against the company, such findings are definitely going to impact its image.