Electronic signature company DocuSign has been compromised with criminals sending phishing emails that appear to be legitimate.
The attack reinforces the fact that no company regardless of size or vertical is immune to being attacked. Even security companies themselves. Therefore, it is essential for all to have a level of threat detection in place to be able to quickly identify when any systems are attacked or compromised.
DocuSign warned users about the flood of dodgy mails, checked its core systems and found them watertight. But it's now admitted that its ongoing investigations found that “ … a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email.” “A complete forensic analysis has confirmed that only email addresses were accessed,” the company says, adding that “no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.