May 17, 2017 by

DocuSign Data Breach Sees Hackers Steal Millions of Users’ Email Addresses

 Popular digital signature service DocuSign has confirmed a hack of its systems wherein an unnamed third-party gained access to email addresses of its users.

For over a decade, DocuSign has been the go-to ever present digital signature service that digitized tasks which would traditionally see a pen put to paper.

On its website, DocuSign reported a marked rise malicious email campaigns, first revealed on May 9. “The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software,” DocuSign wrote on an updated entry on May 15th.

Over the course of the company’s investigation, it soon discovered that a third party gained access to “a separate non-core communication system” used by the company for service-related announcements. This compromised system contained a list of email addresses.

The company further added:

A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

At first glance, it appears that the damage caused is minimal, in relative comparison to what might have occurred if the malicious hacker had gained access to additional details. However, consider the millions of users’ email addresses signed up as DocuSign members – the service is estimated to have over 100 million users – and it makes for bad reading. Worse, these emails belong to people who sign documents and do business online. Quite simply, a category of users who cybercriminals target the most for spear-phishing campaigns.

Still, it’s easy to discern the initial phishing campaign which is typically sent from a non-DocuSign domain rife with misspellings.

They appear with the subject line – Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. 

For its part, DocuSign claims to have taken ‘immediate action’ to prevent any further unauthorized access to the compromised system and is working with law enforcement agencies.

Image credit: Pexels.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Data Breach: Florida Warns of 30,000 Medical Records Leak Due to Phishing

Florida’s health agency has warned of a data breach that may have exposed the data of up to 30,000...

Read more arrow_forward

India’s National ID Database of 1.2 Billion People Breached for $8

An Indian news publication has reported that the government’s biggest citizen database, a register...

Read more arrow_forward

Security Researchers Discover Trove of 1.4 Billion Credentials

Security researchers at dark web monitoring firm 4iQ have stumbled upon a massive 41GB data file of...

Read more arrow_forward