The Electronic signature technology provider DocuSign suffered a data breach, hackers have stolen email addresses from one of its servers.
On Monday the company informed its customers of the data breach and warned them of fake emails set up to deliver weaponized Word documents, it also reported the incident to law enforcement agencies who are currently investigating the case.
The malicious messages appeared to come from addresses such as firstname.lastname@example.org and email@example.com, they have the following subject lines:
“Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature.”
Threat actor behind the DocuSign hack launched a phishing campaign against the customers of the firms, anyway, announced hackers have broken into a “non-core system.” designed for sending service-related email announcements to users.
Spear Phishing campaigns following a data breach represent a serious threat for customers of the hacked firm.
The company notified the incident to the customers and advised users to be vigilant and to report any suspicious email to firstname.lastname@example.org.
“[The emails] may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like ‘docusgn.com’ without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than docusign.com or docusign.net,” DocuSign added.
According to DocuSign, hackers only accessed email addresses, there is no evidence that attackers accessed personal and financial information such as names, physical addresses, passwords, social security numbers, and payment card.
Below an excerpt from the data breach notification statement issued by DocuSign:
The company said it has blocked the hack and locked out attackers from its systems, it also announced additional security controls.
(Security Affairs – DocuSign, data breach)