DocuSign confirmed on Tuesday that a malicious third party had gained temporary access to a separate, non-core system to steal possibly more than 100 million email addresses.
According to an article in Forbes by Lee Matthews, in an update on its website, DocuSign reported an uptick in targeted spam campaigns abusing the company's branding, launching an investigation.
The company found hackers gained temporary access to a separate, non-core system that allows it to communicate service-related announcements to users via email.
However, DocuSign confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.
DocuSign stated in its update that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed.
DocuSign digitizes the signature process and is commonly used in the mortgage finance process. It also gives special pricing for members of the National Association of Realtors and California mortgage professionals.
The attack even reached as far as HousingWire, with this reporter noticing a suspicious email branded by DocuSign on Tuesday, asking for special attention on a construction project. That email was promptly deleted.
DocuSign stated it took “immediate action to prohibit unauthorized access to this system, we have put further security controls in place, and are working with law enforcement agencies.”
It also emphasized that out of an abundance of caution as a trusted brand and to protect people from any further phishing attacks against their email, they’re alerting people and recommend taking the following steps to ensure the security of their email and systems:
- Delete any emails with the subject line, “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.
- Forward any suspicious emails related to DocuSign to firstname.lastname@example.org, and then delete them from your computer. They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.
- Ensure your anti-virus software is enabled and up to date.
- Review our whitepaper on phishing available at https://trust.docusign.com/static/downloads/Combating_Phishing_WP_05082017.pdf
This, unfortunately, isn’t the first time the industry has dealt with a massive hacker attack. Late last year, hacked email and password data for more than 68 million Dropbox users was up for sale in the darknet marketplace.