DocuSign Breach Leads to Massive Phishing Campaign

Digital signature technology firm DocuSign today alerted customers that part of its systems have been compromised, which has led to an increase in phishing e-mails sent to users of the service.

The Seattle, Wash. based company confirmed that an unauthorized third party had gained entry to a portion of its system responsible for storing customer information on service announcements, and that only a limited amount of user data was exposed.

"A complete forensic analysis has confirmed that only e-mail addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed," said the company in a released online statement.  "No content or any customer documents sent through DocuSign's eSignature system was accessed; and DocuSign's core eSignature service, envelopes and customer documents and data remain secure."

The information was enough to allow attackers to craft specially targeted e-mail campaigns at users featuring doctored branding and headers that make messages appear to contain legitimate DocuSign attachments. Many of the phishing e-mails contains the following in the header: ""Completed: -- Wire Transfer Instructions for recipient-name Document Ready for Signature."

Instead of containing a legitimate DocuSign attachment, these e-mails come packed with a malicious Word document that, when opened, can infect a system with macro-enabled-malware.

DocuSign recommends anyone receiving the suspicious e-mails to forward them to the company (at [email protected]) and then delete the message. The company also said that an easy way to spot a potentially malicious message is to look for any slight misspellings, especially in the "DocuSign" company name. And, as a reminder, DocuSign is also recommending that users take this opportunity to make sure that their antivirus software is running and up to date.

While the exact number of those affected by the breach and subsequent phishing campaign is unknown, DocuSign has more than 100 million users, so those affected by the ongoing phishing attempts could grow. And, due to much of the company's services being used in the financial sector, including the majority of major financial institutions in the U.S., those in any related field are at a higher risk to be affected.

DocuSign did confirm that, in an attempt to limit the damage, it has increased its security controls and monitoring, and is actively working with law enforcement agencies to identify those responsible for the breach.

The company recently made news at last week's Microsoft Build developer conference when it and Microsoft announced a partnership that will see the digital signature company using Azure to expand its services in Canada.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.


comments powered by Disqus

Subscribe on YouTube