Digital signature service DocuSign has confirmed that hackers recently managed to gain access to one of its computer systems and obtain customer and user e-mail addresses. The stolen data is already being put to use as the company says it observed an increase in targeted phishing e-mails sent to some of its customers and users both last week and again this week.
As Krebs on Security correctly points out, the matter is especially troubling because it allows attackers to send phishing e-mails to users who may be expecting to click links in an e-mail from the service.
DocuSign notes that as part of its investigation into the matter, it has confirmed that its core eSignature service, customer documents and envelopes remain secure. Furthermore, no names, passwords, physical addresses, social security numbers, credit card data or other related information were accessed in the breach.
The company said it took immediate action upon learning of the unauthorized access, put additional security controls in place and is working with law enforcement agencies on the matter.
In addition to ensuring your anti-virus software is enabled and up-to-date, DocuSign asks that users forward any suspicious e-mails related to the service to firstname.lastname@example.org, then promptly delete the message(s). Potentially suspicious messages may come from an unknown sender, exhibit obvious grammar errors, contain an attachment, or link to sites other than DocuSign’s main website.
Image courtesy Sarah Rice, SF Gate