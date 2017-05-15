Digital signature service DocuSign hacked and email addresses stolen

DocuSign had last week warned of phishing emails that spoofed its brand

Bangalore Correspondent, IDG News Service |

hacker
Credit: IDGNS
Related

Digital signature service DocuSign said Monday that an unnamed third-party had got access to email addresses of its users after hacking into its systems.

The hackers gained temporary access to a peripheral sub-system for communicating service-related announcements to users through email, the company said. It confirmed after what it described as a complete forensic analysis that only email addresses were accessed, and not other details such as names, physical addresses, passwords, social security numbers, credit card data or other information.

“No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure,” DocuSign said in a post.

DocuSign claims more than 200 million users in 188 countries. It said on its website that 12 of the of the top 15 U.S. financial services companies and 12 of the top 15 U.S. insurance carriers use DocuSign.

The company has since earlier this month said it was monitoring malicious emails that had the subject lines: “Completed: docusign.com - Wire Transfer Instructions for recipient-name Document Ready for Signature,” or “Completed *company name* - Accounting Invoice *number* Document Ready for Signature,” and used DocuSign branding in the headers and body of the email. The emails had links to a downloadable Word document that was meant to trick users into running macro-enabled malware.

The company said the mails were being sent from domains that were not related to DocuSign, but by Monday it was suggesting that the email ids had come from a hack of its own system.

DocuSign said it had taken action quickly to block unauthorized access to the system, added further security controls, and is working with law enforcement agencies. It said it was alerting users as a matter of abundant caution to take measures such as forwarding to the company any suspicious emails relating to DocuSign and deleting them from their systems, and ensuring their anti-virus software is enabled and updated.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

John Ribeiro covers outsourcing and general technology breaking news from India for the IDG News Service.

Must read: 10 new UI features coming to Windows 10
You Might Like
Don't Miss
free tech software storage
18 free cloud storage options

A review of 18 companies that offer free cloud storage

bodium castle fortress
How Google reinvented security and eliminated the need for firewalls

In some ways, Google is like every other large enterprise. It had the typical defensive security...

free tech software storage
18 free cloud storage options

A review of 18 companies that offer free cloud storage

Resources
Top Stories
internet security risk public domain web
8 ways to manage an internet or security crisis

IT, communications and security experts share tips on what to do when your business is hit with an...

the word
Blockchain: 'Overhyped' buzzword or real-deal enterprise solution?

While blockchain technology may be a hotspot in data privacy, experts disagree about whether it’s a...

Google I/O sign
Google I/O 2017: What to expect from this year's developer's conference

We already know that Android O will be a hot topic of discussion, but what else does Google have hiding...

fave raves sd wan
IT execs tout benefits of SD-WAN

Two early adopters of SD-WAN share some of the gains they’re realizing from the technology, including...