For the past week, DocuSign, a leading provider of digital signature technology used to validate documents, has been tracking a malicious email campaign against its customers. In the process of investigating the issue, the company also noticed that an unauthorized party gained temporary access to one of its systems.
DocuSign Data Breach
According to the company, only the email addresses of its customers were stolen in the data breach. An email address is not the most sensitive information that can be associated with an online account, so at first that may not seem like such a big deal.
However, once attackers have someone’s email address, they can send the target spam, run targeted phishing against some of the customers to obtain more information from them or install malware on their computers, or use the addresses to identify a user’s other online accounts. The attackers could then try getting into those accounts, too, through other means. That is how some Twitter and Skype accounts were hacked with information stolen from LinkedIn accounts.
According to DocuSign, the attackers would “spoof” the DocuSign brand in an attempt to trick its customers into opening a Word document attachment that, when clicked, would infect the customers’ systems with malware.
DocuSign confirmed that its core "eSignature" technology, on which its service relies, has not been compromised. That means there shouldn’t be any documents out there with falsified eSignatures, or if there are, it’s not because of this data breach. The company said the customers’ documents also remained secure.
Mitigating The Attack
DocuSign said it took immediate action to block unauthorized access to the affected system, and it put further security controls in place. It is also helping law enforcement investigate the breach.
For additional protection, DocuSign recommended that its customers take the following steps to secure their accounts:
- Delete any emails with the subject lines: “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”.
- Forward suspicious emails, such as those that imitate DocuSign’s domain name but have missing letters, to firstname.lastname@example.org.
- Ensure your antivirus is up to date.
- Review DocuSign’s paper on phishing.
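As an added example (not from the article or from DocuSign), here is a small Python mail filter that applies the first two recommendations to a raw message: it flags subject lines matching the two campaign templates, and sender domains that are docusign.com with one or two letters missing. The sample messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject templates named in the advisory; the bracketed placeholders
# ([domain name], recipient-name, [Number]) are treated as wildcards.
CAMPAIGN_SUBJECTS = [
    re.compile(r"^Completed:?\s.*Wire transfer for .* Document Ready for Signature", re.I),
    re.compile(r"^Completed:?\s.*Accounting Invoice .* Document Ready for Signature", re.I),
]

LEGIT_DOMAIN = "docusign.com"


def _is_subsequence(short, long):
    """True if `short` can be produced by deleting characters from `long`."""
    it = iter(long)
    return all(ch in it for ch in short)


def is_lookalike_domain(domain, legit=LEGIT_DOMAIN):
    """Detect the 'missing letters' trick: the legitimate domain with one
    or two characters dropped (e.g. docusgn.com). The real domain and its
    subdomains are never flagged."""
    domain = domain.lower().strip()
    if domain == legit or domain.endswith("." + legit):
        return False
    missing = len(legit) - len(domain)
    return 1 <= missing <= 2 and _is_subsequence(domain, legit)


def classify(raw_message):
    """Return the list of reasons a message should be quarantined (empty if clean)."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    _, sender = parseaddr(msg.get("From", ""))
    domain = sender.rpartition("@")[2]
    reasons = []
    if any(p.search(subject) for p in CAMPAIGN_SUBJECTS):
        reasons.append("subject matches known campaign template")
    if is_lookalike_domain(domain):
        reasons.append("sender domain %s imitates %s" % (domain, LEGIT_DOMAIN))
    return reasons


# Constructed sample messages: one phishing lure, one legitimate notification.
SAMPLE_MESSAGES = [
    "From: DocuSign <dse@docusgn.com>\n"
    "Subject: Completed: example.com – Wire transfer for recipient-name Document Ready for Signature\n\nSee attached.",
    "From: Alice <alice@docusign.com>\nSubject: Please review the Q2 contract\n\nThanks.",
]
```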
For more updates on this security issue, the company said its customers should visit the DocuSign Trust Site.