DocuSign reveals 'non-core' system breach powered phishing expedition

Unauthorised access to a system holding a DocuSign email list has resulted in a phishing spike.
Written by Chris Duckett, Contributor

DocuSign has revealed a data breach that has allowed malicious actors to conduct a wide-ranging phishing campaign.

In a notice on its website, DocuSign said it found the breach when investigating the cause of an increase in DocuSign-impersonating phishing emails.

"A malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email," the company said.

"A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data, or other information was accessed.

"No content or any customer documents sent through DocuSign's eSignature system was accessed; and DocuSign's core eSignature service, envelopes and customer documents and data remain secure."

According to DocuSign, the phishing emails have the subject lines: "Completed: [domain name] - Wire transfer for recipient-name Document Ready for Signature" and "Completed [domain name/email address] - Accounting Invoice [Number] Document Ready for Signature".

It recommends forwarding the malicious emails to spam@docusign.com and deleting them.

A full copy of the email template can be found on TechHelpList.com, which said the messages contain a .doc file that downloads password- and bank-credential-stealing malware.
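For mail administrators, the two reported subject lines and the .doc lure can be turned into a triage check. The sketch below is an added example, not code from DocuSign or TechHelpList; it assumes the bracketed placeholders in the notice are wildcards, and its verdict names, sample addresses and file names are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# The two subject lines from DocuSign's notice; its placeholders ([domain name],
# recipient-name, [Number]) are treated as wildcards (assumption of this example).
SUBJECT_PATTERNS = [
    re.compile(r"^Completed:?\s+.+? - Wire transfer for .+ Document Ready for Signature$", re.I),
    re.compile(r"^Completed:?\s+.+? - Accounting Invoice \S+ Document Ready for Signature$", re.I),
]

def triage(raw):
    """Classify one raw RFC 5322 message (bytes); verdict names are this example's own."""
    msg = message_from_bytes(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded words; collapse header folding whitespace.
    subject = " ".join(str(msg["Subject"] or "").split())
    subject_hit = any(p.match(subject) for p in SUBJECT_PATTERNS)
    docs = [name for part in msg.iter_attachments()
            if (name := part.get_filename() or "").lower().endswith(".doc")]
    if subject_hit and docs:
        verdict = "quarantine"  # reported subject plus the reported .doc lure
    elif subject_hit:
        verdict = "review"      # subject alone: hold for an analyst
    else:
        verdict = "pass"
    return {"subject": subject, "doc_attachments": docs, "verdict": verdict}

def build_sample(subject, attachment=None):
    """Constructed test message; addresses, body and file name are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.net"
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg.set_content("Please review the attached document.")
    if attachment:
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="msword", filename=attachment)
    return msg.as_bytes()

if __name__ == "__main__":
    samples = [
        build_sample("Completed: example.com - Wire transfer for jane.doe "
                     "Document Ready for Signature", "transfer.doc"),
        build_sample("Completed jane@example.com - Accounting Invoice 483920 "
                     "Document Ready for Signature"),
        build_sample("Completed: Please DocuSign: NDA.pdf"),
    ]
    for raw in samples:
        print(triage(raw)["verdict"])
```

Subject matching alone will miss variants that change the wording, so treat a "pass" verdict as the absence of this one indicator rather than as a clean result.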

Recently appointed DocuSign CEO Daniel Springer said in January that the company was IPO ready.

"It could go public in any market," Springer said. "It's more just thinking through what's the right time for this business."

Former CEO Keith Krach moved onto the board of the San Francisco-based company.