DocuSign Hacked, Users Started Receiving Infected Emails

DocuSign Hacked, Users Started Receiving Infected Emails

DocuSign, a digital signature service, has reported a security breach on Monday. Apparently, an unknown third-party has managed to hack into the system and access DocuSign users’ email accounts. The hacker, or hackers, have managed to temporarily access a peripheral sub-system that’s being used for communication and sending announcements related to the service to their users via email.

The company confirmed that the intruder only accessed the users’ email addresses, but names, passwords, physical addresses, credit card data, social security numbers and any other similar info are still protected.

In their post, they stated that “No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents, and data remain secure.”

DocuSign has over 200 million users, in more than 188 countries around the world. They also said that 12 of the best 15 insurance carriers, as well as 12 out of 15 US financial services, use DocuSign.

Since earlier this month, the company has been keeping track of malicious emails that were being received, and that had several different lines as their Subject. These lines include “Completed: – Wire Transfer Instructions for recipient-name Document Ready for Signature,” or “Completed *company name* – Accounting Invoice *number* Document Ready for Signature.”

These emails contained DocuSign branding, and their goal was to try to trick users to download the Word document that could be found by clicking to one of the links from within the email. Clicking on that very link would lead users to download the doc that would then trick them into activating a macro-enabled malware.

DocuSign has stated that these emails had nothing to do with the company and that they’re being sent from an unrelated domain. However, by Monday, they suggested that the IDs of these emails came from a hack in the company’s own system.

They reacted swiftly to this latest piece of information and blocked all unauthorized access to their system. They have even added more security controls, and have started working with law enforcement agencies in order to do whatever they can so that similar incidents wouldn’t repeat.

All of their users were alerted and warned about the danger. They were also advised to report any suspicious email to the company, and then quickly delete it, without downloading anything that might have arrived. Also, it’s suggested that users should have their anti-virus software updated and running at all times, for their own safety.