In an email sent to customers and seen by ZDNet, the company said that an unauthorized third-party gained access to a copy of its database in early August this year.
The database file contained a snapshot of the Docsketch service dated July 9, 2020, the company said.
"This database contained contact information and form fields related to documents filled out by users and users' recipients," said Docsketch founder Ruben Gamez.
Gamez said the intruder(s) didn't access the documents themselves, but they could read what information users filed inside the documents -- such as names, signatures, personal data, and even payment card details, where required.
In addition, the database also contained login information and user contacts (persons asked to fill in documents).
Passwords were also included, but Docsketch said the password strings were salted and hashed. However, Gamez didn't elaborate on the complexity and security of the salting and hashing mechanism, some of which can be cracked under certain conditions to reveal the original plaintext passwords.
Docsketch is now notifying customers who it believes were affected. In case users believe they entered personal or financial details inside Docsketch-hosted documents, the company has provided additional steps users can take to protect themselves.
Gamez said Docsketch has already secured its system and updated its infrastructure following the August intrusion.
"We're still working out the details but rest assured this is our top priority and we're going to continue making significant security and infrastructure updates," Gamez said.
Docsketch is currently ranked in the Alexa Top 25,000 most popular websites on the internet.