Jump to content

DocuSign Suffers Data Breach, Email Addresses Used in Phishing Attack


CrAKeN

Recommended Posts

docusign-suffers-data-breach-email-addre

 

DocuSign suffers data breach

 

DocuSign, the company behind eSignature, one of the most popular digital signature services in the world, admitted that they suffered a data breach that exposed customer email addresses. These emails were later used in a phishing campaign that kicked off last week. 

 

"Last week and again this morning, DocuSign detected an increase in phishing emails sent to some of our customers and users – and we posted alerts here on the DocuSign Trust Site and in social media. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software. As part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure," the company notes in the alert it issued earlier.

 

According to DocuSign, a malicious party had gained temporary access to a separate, non-core system that allows the communication of service-related announcements to users via email. Thankfully, during the data breach, only email addresses were accessed. This means that people's names, physical addresses, passwords, social security numbers, credit card data and any other account-related data are safe and have not been accessed. Nor have any content or customer documents sent through DocuSign's eSignature system.

 

The company took action to prohibit the unauthorized access to the system and put further security controls in place.

 

Beware of phishing mails


Sadly, people are still being targeted by phishing emails. Therefore, the company is asking customers to delete any emails with the subject line "Completed: [domain name]  – Wire transfer for recipient-name Document Ready for Signature" and "Completed: [domain name]  – Wire transfer for recipient-name Document Ready for Signature" as they are not from DocuSign. Instead, they contain a link to malware spam.

 

Any other suspicious emails related to DocuSign are to be forwarded to [email protected] and deleted from the computer immediately thereafter.

 

The company also advises users to have their anti-virus software enabled and up to date to block any possible infections.

 

Source

Link to comment
Share on other sites


  • Views 473
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...