DocuSign hacked, e-mail addresses stolen
16 May 2017 | 0
Digital signature service DocuSign said Monday that an unnamed third party had got access to e-mail addresses of its users after hacking into its systems.
The hackers gained temporary access to a peripheral sub-system for communicating service-related announcements to users through e-mail, the company said. It confirmed after what it described as a complete forensic analysis that only e-mail addresses were accessed, and not other details such as names, physical addresses, passwords, social security numbers, credit card data or other information.
“No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure,” DocuSign said in a post.
DocuSign claims more than 200 million users in 188 countries. It said on its website that 12 of the of the top 15 US financial services companies and 12 of the top 15 US insurance carriers use DocuSign.
The company has since earlier this month said it was monitoring malicious emails that had the subject lines: ‘Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature,’ or ‘Completed *company name* – Accounting Invoice *number* Document Ready for Signature,’ and used DocuSign branding in the headers and body of the e-mail. The e-mails had links to a downloadable Word document that was meant to trick users into running macro-enabled malware.
The company said the mails were being sent from domains that were not related to DocuSign, but by Monday it was suggesting that the eimail IDs had come from a hack of its own system.
DocuSign said it had taken action quickly to block unauthorized access to the system, added further security controls, and is working with law enforcement agencies. It said it was alerting users as a matter of abundant caution to take measures such as forwarding to the company any suspicious e-mails relating to DocuSign and deleting them from their systems, and ensuring their antivirus software is enabled and updated.
IDG News Service