DocuSign Data Breach
DANGER Will Robinson!
Read All About IT ! (1/2)
UPDATED: May 22, 2017
DocuSign reported a data breach that allowed malicious hackers to conduct a wide-ranging phishing campaign.
According to a notice on DocuSign's website, the breach was discovered while the company was investigating the cause of an increase in DocuSign-impersonating phishing emails.
"A malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email," the company said.
"A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data, or other information was accessed."
According to DocuSign:
"No content [and] no customer documents sent through DocuSign's eSignature system [were] accessed; and DocuSign's core eSignature service, envelopes and customer documents and data remain secure."
The phishing emails have the following subject lines:
"Completed: [domain name] - Wire transfer for recipient-name - Document Ready for Signature"
and
"Completed [domain name/email address] - Accounting Invoice [Number] - Document Ready for Signature".
DocuSign recommends forwarding the malicious emails to spam@docusign.com and then deleting them.
A full copy of the FRAUDULENT email template is posted at TechHelpList.com.
The messages contain a ".doc" file that downloads password-stealing and bank-credential-stealing malware.
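A mail-filter check for the indicators listed above (the two subject-line shapes and the ".doc" file), added here as an example and not taken from DocuSign or the original post. The page does not say whether the ".doc" arrives as an attachment or as a link, so the check covers both as an assumption; `check_message`, `build_sample` and the `example.test` addresses are hypothetical names and constructed data.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Subject shapes quoted in the notice. Bracketed fields vary per message,
# so they are treated as wildcards; the colon after "Completed" is optional.
SUBJECT_RE = re.compile(
    r"^Completed:?\s+.+?\s+-\s+"
    r"(?:Wire transfer for|Accounting Invoice)\s+.+?\s+-\s+"
    r"Document Ready for Signature$", re.IGNORECASE)
# Assumption: the ".doc" may be delivered as a link rather than an attachment.
DOC_LINK_RE = re.compile(r"https?://\S+\.doc\b", re.IGNORECASE)

def check_message(raw):
    """Return the reasons a raw RFC 5322 message matches the campaign."""
    msg = message_from_string(raw, policy=policy.default)
    # policy.default unfolds the header and decodes RFC 2047 encoded words.
    subject = " ".join(str(msg["Subject"] or "").split())
    reasons = []
    if SUBJECT_RE.match(subject):
        reasons.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".doc"):
            reasons.append("doc-attachment")
        elif (part.get_content_maintype() == "text"
              and DOC_LINK_RE.search(part.get_content())):
            reasons.append("doc-link")
    return reasons

def build_sample(subject, body="Please review.", attachment=None):
    """Build a constructed test message (not a captured phishing email)."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="msword", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    raw = build_sample("Completed: example.test - Wire transfer for Jane Doe"
                       " - Document Ready for Signature", attachment="wire.doc")
    print(check_message(raw))
```

A message that matches on both the subject and the ".doc" file is the strongest signal; a subject match alone is still worth quarantining for review.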
THINK BEFORE YOU CLICK !!!!
UPDATE:
DocuSign issued a new series of follow-up information.
Please see the second post of this series.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For continuing updates, DocuSign suggests that "If you would like to be automatically informed about the latest security updates and alerts, please follow @askdocusign (DocuSign Support) on Twitter, where we will be posting notifications when the Trust Center is updated."
Image courtesy of DocuSign report