Hack Notice

Hack Notice: DocuSign

DocuSign

Source
https://cpworks.net/docusign-data-breach-led-to-targeted-email-malware-campaign/
Description
DocuSign data breach Led to Targeted Email Malware Campaign While we all were busy in the WannaCry ransomware menace, ii separate data breaches have been reported, one in DocuSign, a major provider of electronic signature technology, and another in BELL, Canadas largest telecommunications company. In a mark on its website on Tuesday, DocuSign confirmed a breach at one of its email systems when investigating the do of an increase in DocuSign-impersonating phishing emails. A malicious third party had gained temporary access to a separate, non-core system that allows us to pass service-related announcements to users via email, DocuSign said in the announcement. WHAT HAPPENED? An unknown hacker or group of hackers managed to transgress one of the electronic signature technology providers email systems and steal a database containing the email addresses of DocuSign customers. The attackers then used the stolen data to conduct an extensive phishing drive to target the DocuSigns users over the past week. The phishing email masqueraded as documents sent from another company with the subject line Completed *company name*  accounting Invoice *number* document Ready for Signature, needing a digital signature from the recipient. The emails, sent from domains including dse@docus.com, included a downloadable Microsoft Word document, which when clicked, installs macro-enabled-malware on the victims computers. WHAT type OF INFORMATION? The companion said only email addresses of its customers had been accessed in the breach. However, DocuSign assured its customers that no names, physical addresses, passwords, social security numbers, credit card information or any other information had been accessed by the attackers. No content or any customer documents sent through DocuSigns eSignature system was accessed; and DocuSigns core eSignature service, envelopes and customer documents, and data remain secure, the companion stressed. HOW MANY VICTIMS? The number of victims affected by the phishing campaign has not been confirmed, but DocuSign encourages its customers to use the DocuSign trust center to assist them protect themselves and their employees from phishing attacks. WHAT IS DOCUSIGN DOING? In an attempt to protect its customers, DocuSign has immediately restricted unauthorized access to its system and placed further certificate controls in set to hardened the certificate of its systems. The fellowship is also actively working with law enforcement authorities on the investigation of this matter. WHAT SHOULD DOCUSIGN CUSTOMERS DO? DocuSign recommended its users to delete any email with the following case line: Completed: [domain name]  wire transfer for recipient-name Document Ready for Signature Completed: [domain name/email address]  Accounting Invoice [Number] Document Ready for Signature. If you find any suspicious email, you should forward it to the companys spam address, advised DocuSign. Also, if the email looks like it has come from DocuSign, just doh not respond to that email or click on any link provided in the message. Instead, access your documents directly by visiting DocuSign official website, and entering the unique security encrypt provided at the bottom of every legit DocuSign email. The companion also informed its users that DocuSign never asks recipients to open any PDF, office document or ZIP file in an email. last but not the least, always wee-wee sure your antivirus software is up-to-date. Source: The Hackers news (https://thehackernews.com/2017/05/DocuSign-data-breach.html)

About HackNotice and DocuSign

HackNotice is a service that notices trends and patterns in publically available data so as to identify possible data breaches, leaks, hacks, and other data incidents on behalf of our clients. HackNotice monitors data streams related to breaches, leaks, and hacks and DocuSign was reported by one of those streams. HackNotice may also have the breach date, hack date, the hacker responsible, the hacked industry, the hacked location, and any other parts of the hack, breach, or leak that HackNotice can report on for the consumers of our product.

If you are a user of DocuSign their products, services, websites, or applications and you were a client of HackNotice, monitoring for DocuSign you may have been alerted to this report about DocuSign . HackNotice is a service that provides data, information, and monitoring that helps our clients recover from and remediate data breaches, hacks, and leaks of their personal information. HackNotice provides a service that helps our clients know what to do about a hack, breach, or leak of their information.

If DocuSign had a breach of consumer data or a data leak, then there may live additional actions that our clients should take to protect their digital identity. data breaches, hacks, and leaks often guide to and reason identity theft, account have overs, ransomware, spyware, extortion, and malware. account takeovers are often caused by credential reuse, parole reuse, easily guessed passwords, and are facilitated by the sharing of billions of credentials and other customer information through data leaks, as the direct outcome of data breaches and hacks.

HackNotice monitors trends in publically available data that indicates tens of thousands of data breaches each year, along with billions of records from data leaks each year. On behalf of our clients, HackNotice works to monitor for hacks that lead to lower client surety and digital identities that have been exposed and should be considered vulnerable to attack. HackNotice works with clients to identify the extent that digital identities get been exposed and provides remediation suggestions for how to grip each type of exposure.

HackNotice monitors the hacker community, which is a network of individuals that apportion data breaches, hacks, leaks, malware, spyware, ransomware, and many other tools that are often used for financial fraud, account submit overs, and further breaches and hacks. HackNotice monitors the hacker community specifically for breaches, hacks, and data leaks that hurt consumers. HackNotice applies industry specific knowledge and advanced surety practices to monitor for trends that indicate breaches, hacks, and exposed digital identities.

HackNotice also enables clients to share hack notices with their friend, family, and collogues to help increment awareness around alleged hacks, breaches, or data leaks. HackNotice works to provide clients with sharable reports to help growth the security of our clients personal network. The surety of the multitude that our clients interact with directly impacts the level of certificate of our clients. Increased photograph to accounts that have been taken over by hackers leads to further account have overs through phishing, malware, and other attach techniques.

If you found this cut notice to be helpful, then you may live interested in reading some additional cut notices such as:

. In the case of Target, the 2013 breach cost mark a significant drop in profit, which dove an est series of medical data breaches and the deficiency of public trust, some countries hold enacted laws requtification for red and unauthorized skill of health information. The United States and the EU

conferenceusa.com

MMALTZAN.COM

Guardian Community Trust, Inc.