DocuSign Hacked: Hackers Access Database and Embark on Phishing Campaign

Electronic signature service DocuSign said Tuesday it had confirmed that “a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email.”

According to DocuSign, a complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or customer documents sent through DocuSign’s eSignature system were accessed, and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

Last week and again this morning, DocuSign said it detected an increase in phishing emails sent to some of its customers and users. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software.

Precaution

Delete any emails with the subject lines “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” or “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.