DocuSign Breach Leads to Massive Phishing Campaign

Digital signature technology firm DocuSign today alerted customers that part of its systems have been compromised, which has led to an increase in phishing e-mails sent to users of the service.

The Seattle, Wash. based company confirmed that an unauthorized third party had gained entry to a portion of its system responsible for storing customer information on service announcements, and that only a limited amount of user data was exposed.

"A complete forensic analysis has confirmed that only e-mail addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed," said the company in a released online statement.  "No content or any customer documents sent through DocuSign's eSignature system was accessed; and DocuSign's core eSignature service, envelopes and customer documents and data remain secure."

The information was enough to allow attackers to craft specially targeted e-mail campaigns at users featuring doctored branding and headers that make messages appear to contain legitimate DocuSign attachments. Many of the phishing e-mails contains the following in the header: ""Completed: -- Wire Transfer Instructions for recipient-name Document Ready for Signature."

Instead of containing a legitimate DocuSign attachment, these e-mails come packed with a malicious Word document that, when opened, can infect a system with macro-enabled-malware.

DocuSign recommends anyone receiving the suspicious e-mails to forward them to the company (at and then delete the message. The company also said that an easy way to spot a potentially malicious message is to look for any slight misspellings, especially in the "DocuSign" company name. And, as a reminder, DocuSign is also recommending that users take this opportunity to make sure that their antivirus software is running and up to date.

While the exact number of those affected by the breach and subsequent phishing campaign is unknown, DocuSign has more than 100 million users, so those affected by the ongoing phishing attempts could grow. And, due to much of the company's services being used in the financial sector, including the majority of major financial institutions in the U.S., those in any related field are at a higher risk to be affected.

DocuSign did confirm that, in an attempt to limit the damage, it has increased its security controls and monitoring, and is actively working with law enforcement agencies to identify those responsible for the breach.

The company recently made news at last week's Microsoft Build developer conference when it and Microsoft announced a partnership that will see the digital signature company using Azure to expand its services in Canada.

About the Author

Chris Paoli is the site producer for and


  • Microsoft Releases Surface Diagnostic Toolkit for Business

    Microsoft released a new tool, Surface Diagnostic Toolkit for Business, earlier this month, providing a means for IT pros to find and troubleshoot problems on Microsoft Surface devices.

  • How To Enable Guest Access for Office 365

    While it's possible to give outside users access to certain content in your organization's Office 365 environment, the process of setting them up requires a few extra steps.

  • Microsoft Now Supports OpenSSH in Windows Server 2019

    Microsoft announced on Tuesday that the OpenSSH solution used for remote management is now a supported "Features on Demand" addition in both Windows 10 version 1809 and Windows Server 2019.

  • Microsoft's December Security Patches Includes Fixes for Two Active Exploits

    Microsoft ended the patch year on Tuesday with a whimper of sorts, releasing an estimated 39 security fixes in its December bundle plus one security advisory, according to a count by Trend Micro's Zero Day Initiative.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.