DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data nag at single of its computer systems. The companion stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already live expecting to dawn on links in emails from DocuSign.San Francisco-based DocuSign warned on May 9 that it was tracking a malicious email campaign where the topic line reads, Completed: docusign.com cable shift Instructions for recipient-name Document ready for Signature. The missives contained a link to a downloadable Microsoft Word document that harbored malware.The companion said at the time that the messages were not associated with DocuSign, and that they were sent from a malicious third-party using DocuSign branding in the headers and body of the email. But in an update late Monday, DocuSign confirmed that this malicious third party was able to send the messages to customers and users because it had broken in and stolen DocuSigns list of customers and users.As part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email, DocuSign wrote in an alert posted to its site. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social surety numbers, credit card data or other information was accessed. no content or any customer documents sent through DocuSigns eSignature system was accessed; and DocuSigns core eSignature service, envelopes and customer documents and data remain secure.The troupe is asking people to forward any suspicious emails related to DocuSign to email@example.com, and then to delete the missives. They may appear suspicious because you dont recognize the sender, werent expecting a document to sign, contain misspellings (like docusgn.com without an i or @docus.com), contain an attachment, or direct you to a linkup that starts with anything other than https://www.docusign.com or https://www.docusign.net, reads the advisory.If you have reason to await a DocuSign document via email, dont answer to an email that looks like its from DocuSign by clicking a tie-in in the message. When in doubt, access your documents directly by visiting docusign.com, and entering the unique security cypher included at the bottom of every legitimate DocuSign email. DocuSign says it will never ask recipients to surface a PDF, office document or zip file in an email.DocuSign was already a perennial place for phishers and malware writers, but this incident is likely to intensify attacks against its users and customers. DocuSign says it has more than 100 million users, and it seems all but certain that the criminals who stole the companys customer email list are going to be putting it to nefarious employ for some time to come.