DocuSign admitted this week that an attacker breached its system and stole its list of email addresses, which then allowed for a targeted malware phishing attack.
Back on May 9 the company warned of a malicious email campaign where the subject lines read “Completed: [domain name] — Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature.”
These emails are not really from DocuSign and the attached word doc contains malware, of course.
At that point, the company just thought a malicious third-party had “spoofed” DocuSign branding in the email.
But on May 15, the company revealed they’d indeed been breached.
“As part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email,” DocuSign wrote in an alert posted to its site. “A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”
If you get an email with either of the aforementioned subject lines, forward them to DocuSign at firstname.lastname@example.org and then delete them.
“They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net,” according to the update on docusign.com.
Is your business covered for a data breach?