Convincing emails contained Word doc attachment that installed malicious software upon opening.
When digital signature platform DocuSign suffered a data breach last month, the information that the hackers gained was pretty meaningless. While no data theft is without consequence, this one was minor when you compare it to hacking events such as the Office of Personnel Management breach in 2015. In that event, the complete identities of around 22 million people were compromised; that can make the DocuSign breach in which an estimated 100,000 users’ email addresses seem like small potatoes.
So what would hackers want with that many email addresses, knowing that no names, Social Security numbers, or even account passwords were up for grabs? Fodder for phishing attacks, several of which have already been launched as a result of the stolen DocuSign data.
Unusually high volume
Interestingly, this is one of those times when the breach was only discovered because of the flood of spoofed phishing emails that appeared to originate from DocuSign itself. After the unusually high volume of traffic, the company investigated and discovered the problem. The well-crafted (and therefore, somewhat believable) emails contain a Word doc attachment that installs malicious software on the recipient’s computer upon opening.
While DocuSign still recommends that usual best practices for situations like this – never click a link or open an attachment you weren’t expecting, make sure your AV software is up-to-date, change your passwords frequently, etc – the company took pains to point out that only the email addresses have been compromised. Apart from no other user data being accessed, none of the documents themselves that users were electronically signing were available, either. The content that users sign for is still unavailable to any unauthorized third-parties.
This news comes at a particularly bad time for the company – almost as though hackers knew that and capitalized on it – as DocuSign just announced a lucrative partnership with Microsoft to expand Azure services into Canada. Hopefully other parties (ie, shareholders) will see this particular breach as a minor issue, as well.