Breached DocuSign database behind massive phishing campaign

The theft of a database containing the email addresses of DocuSign customers is to blame for a massive phishing campaign targeting the electronic signature technology provider's users over the past week.

Last Tuesday the US-based company advised customers of a malicious email campaign that spoofed DocuSign's branding and email headers in an attempt to get users to run macro malware.

The phishing emails masqueraded as documents sent from another company needing a digital signature from the recipient. They included a downloadable Word document containing the malware.

The emails were sent from domains including dse@docus.com.

Today the company revealed the mass phishing campaign had been enabled by a breach of one of its "non-core" systems that contained customer data for the purpose of sending out service announcements via email.

DocuSign said only email addresses had been accessed in the breach.

"No names, physical addresses, passwords, social security numbers, credit card data or other information was accessed," the company advised.

"No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure."

The company said it had put new security controls in place to prevent further breaches, and was working with law enforcement agencies.

It advised customers to delete any emails with emails containing the subject lines: “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”.

DocuSign also said users should forward any suspect emails to the company's spam address and ensure their anti-virus is up to date.

"Your trust and the security of your transactions, documents and data are our top priority. The DocuSign eSignature system remains secure, and you and your customers may continue to transact business through DocuSign with trust and confidence," it said.

DocuSign boasts more than 40 million global uses of its encrypted document exchange technologies and digital signature document authentication.