Skip to main content

E-Signature Company DocuSign Gets Hacked

By May 29, 2017March 1st, 2023Cybersecurity

DocuSign, the world’s leader in electronic signatures for official documents, played an unwitting role in a particularly nasty phishing attack.

If you’re not familiar with the company, DocuSign is used by 12 of the top 15 US insurance companies, 12 of the top 15 US financial services companies and by most real estate agents, nationwide.

It is an electronic platform that allows agents to send official documents to their clients for digital signatures, and as such, it’s used for everything from signing loan documents to establishing insurance policies. In short, the documents housed on DocuSign’s servers run the gamut of sensitive information for hundreds of millions of users around the world.
Knowing this, the hackers breached one of the company’s subsystems and managed to get their hands on the company’s email list.

Armed with this list, they copied DocuSign’s branding, logo and layout, and proceeded to send out emails that appeared to legitimately come from the company. But instead of official documents in need of signing, these emails contained poisoned Word documents containing macro-enabled malware.

The company took swift, decisive action when the breach was discovered, and the phishing attack has been derailed, but if you make use of the company’s services, you may have already received a bogus email.

Having completed their detailed forensic investigation, the company assured its users that none of the stored files were accessed. The hackers were only able to gain access to email addresses, which definitely limits the amount of damage that could be done.

Even so, if a user clicks on the poisoned attachment, there’s no way of knowing what sort of malware could be unleashed. All DocuSign users are urged to take extra care when opening emails that appear to be from the company and ensure that anything they click on is a link to a legitimate file that needs to be signed, and not a Word document.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.