DIGITAL SIGNATURE OUTFIT DocuSign has admitted that it has fallen victim to a data breach that has lead to its customers being targeted by malware-laced emails.
In a statement on its ironically-named Trust Centre website, DocuSign said that an unnamed third-party had got its mitts on email addresses of its users after successfully hacking into its systems.
These email addresses have since become the target of a phishing campaign, with hackers targeting users with a malicious Word document that, when opened, attempts to trick users into activating Microsoft Word's macro feature. If this feature is allowed to execute, the Word macro functions embedded in the Word document will download and install malware on the victim's computer.
The dodgy emails were designed to look like they were sent by DocuSign and had subject lines that said "Completed: [domain name] - Wire transfer for recipient-name Document Ready for Signature" or "Completed [domain name/email address] - Accounting Invoice [Number] Document Ready for Signature."
DocuSign has said that no other customer details, such as names, addresses, passwords or credit card data, was taken in the attack on its systems.
DocuSign said in a statement: "Today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email. A complete forensic analysis has confirmed that only email addresses were accessed.
"We took immediate action to prohibit unauthorized access to this system, we have put further security controls in place, and are working with law enforcement agencies."
The e-signature firm is advising customers to forward any fishy-looking emails they receive to [email protected], so the company's security team can analyse emerging threats. DocuSign adds that emails should be deleted afterwards, and advises customers to check that any anti-virus software is up to date. µ
Biz-focused app will help SMBs connect with customers
But she sounds like she might be a bit of a lush
Firm says DHS' decision relies on' subjective, non-technical public sources'
Really. We're not making this up