Menu
Digital signature service DocuSign hacked and email addresses stolen

Digital signature service DocuSign hacked and email addresses stolen

DocuSign had last week warned of phishing emails that spoofed its brand

Digital signature service DocuSign said Monday that an unnamed third-party had got access to email addresses of its users after hacking into its systems.

The hackers gained temporary access to a peripheral sub-system for communicating service-related announcements to users through email, the company said. It confirmed after what it described as a complete forensic analysis that only email addresses were accessed, and not other details such as names, physical addresses, passwords, social security numbers, credit card data or other information.

“No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure,” DocuSign said in a post.

DocuSign claims more than 200 million users in 188 countries. It said on its website that 12 of the of the top 15 U.S. financial services companies and 12 of the top 15 U.S. insurance carriers use DocuSign.

The company has since earlier this month said it was monitoring malicious emails that had the subject lines: “Completed: docusign.com - Wire Transfer Instructions for recipient-name Document Ready for Signature,” or “Completed *company name* - Accounting Invoice *number* Document Ready for Signature,” and used DocuSign branding in the headers and body of the email. The emails had links to a downloadable Word document that was meant to trick users into running macro-enabled malware.

The company said the mails were being sent from domains that were not related to DocuSign, but by Monday it was suggesting that the email ids had come from a hack of its own system.

DocuSign said it had taken action quickly to block unauthorized access to the system, added further security controls, and is working with law enforcement agencies. It said it was alerting users as a matter of abundant caution to take measures such as forwarding to the company any suspicious emails relating to DocuSign and deleting them from their systems, and ensuring their anti-virus software is enabled and updated.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Brand Post

Featured

Slideshows

Malwarebytes shoots the breeze with channel, prospects

Malwarebytes shoots the breeze with channel, prospects

A Kumeu, Auckland, winery was the venue for a Malwarebytes event for partner and prospect MSPs - with some straight shooting on the side. The half-day getaway, which featured an archery competition, lunch and wine-tasting aimed at bringing Malwarebytes' local New Zealand and top and prospective MSP partners together to celebrate recent local successes, and discuss the current state of malware in New Zealand. This was also a unique opportunity for local MSPs to learn about how they can get the most out of Malwarebytes' MSP program and offering, as more Kiwi businesses are targeted by malware.

Malwarebytes shoots the breeze with channel, prospects
EDGE 2019: Channel forges new partnerships during evening networking

EDGE 2019: Channel forges new partnerships during evening networking

Partners, vendors and distributors reconnected during a number of social gatherings during EDGE 2019. The first evening saw the channel congregate for a welcome party at the Hamilton Island yacht club, while the main poolside proved to be the perfect stop for a barbecue on the final night.

EDGE 2019: Channel forges new partnerships during evening networking
Show Comments