DocuSign confirmed on Tuesday that a malicious third party had gained temporary access to a separate, non-core system to steal possibly more than 100 million email addresses. Fortunately, DocuSign’s core eSignature service, envelopes and customer documents remain secure.
DocuSign stated in its update that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed.
They are aware that many REALTORS use DocuSign and are alerting people to take the following steps to ensure the security of their email and systems:
1. Delete any emails with the subject line, “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.
2. Forward any suspicious emails related to DocuSign to firstname.lastname@example.org, and then delete them from your computer. They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net.
3. Ensure your anti-virus software is enabled and up to date.
4. Review our whitepaper on phishing available at https://trust.docusign.com/static/downloads/Combating_Phishing_WP_05082017.pdf
For the Full Story Check it Out Here