Posted on

Ever digitally signed a document? Then there’s a good chance that you’ve used or at least heard of DocuSign. For a decade and half, it’s been among the world leaders in digitizing tasks that historically required putting pen to paper.

DocuSign’s business is one built around trust. Which is why it’s so worrying to see the company reporting a breach of one of its systems.

In an update on its website, DocuSign reported an uptick in targeted spam campaigns abusing the company’s branding. An investigation was launched, and it was determined that hackers had “gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email.”

At first glance, the damage appears relatively minimal. DocuSign noted that no names, addresses, social security numbers, or payment data was accessed. So what did the attackers get their hands on? Email addresses — possibly more than 100 million.

That might not seems like a very big deal at first glance. There have, after all, been so many massive leaks in recent history that there’s a very good chance most of the addresses in DocuSign’s database were already leaked from other sources. They may also have appeared in that spam database that contained 1.4 billion emails.

The problem now is that cybercriminals have a way to refine their attacks against a large group of people. People who do business online. People who exchange contract documents and complete transaction processes digitally. In short, the kind of people who cybercriminals love to spearphish.

Read full article on