Today, DocuSign — a provider of e-signature technology — acknowledged a data breach incident following which a third-party managed to gain access to the email addresses of its customers, data that it's now using in massive spam campaigns.
[A]s part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.
The company discovered the data breach after in the last two weeks they continued to detect spam campaigns targeting clients. All emails used official branding and were made to look like real DocuSign emails.
According to alerts posted in the DocuSign Trust Center, the biggest and notable spam campaigns took place on May 9 and 15.
The company is now advising customers to deleted any emails with the following subject lines, used in the two spam campaigns.
All emails with these messages contain Word documents as attachments, which when opened try to trick users into activating Microsoft Word's macro feature. If this feature is allowed to execute, the Word macro functions embedded in the Word document will download and install malware on the victim's computer.
DocuSign is now informing customers that their emails were exposed in an attempt to raise awareness and mitigate any further spam campaigns that might target its userbase.
DocuSign engineers would like customers to forward any suspicious emails they receive to email@example.com, so the company's security team could analyze emerging threats.