The electronic signature technology provider has acknowledged that this was the result of a data breach at one of its computer systems, according to security expert Brian Krebs. The stolen data was limited to customer and user email addresses, but the incident allows attackers to target users who may already be expecting to click on links in emails from DocuSign.
DocuSign warned on May 9 that it was tracking a malicious email campaign where the subject line reads, “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature.” The company wrote in an alert posted to its site that a malicious third party had gained temporary access to a separate, non-core system that allows the company to communicate service-related announcements to users via email.
The company is asking people to forward any suspicious emails related to DocuSign to spam@docusign.com, and then to delete the missives.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now