E-signature company DocuSign says it experienced a temporary breach of what it calls a non-core email system, resulting in the release of about 100 million email addresses that could be used for phishing schemes.
According to the company, the non-core system contains email addresses used for sending service-related announcements to customers. The company’s core eSignature product, which provides a secure environment for signing documents, including for real estate transactions, was not part of the breach and remains secure.
In a statement, the company says it took “immediate action to prohibit unauthorized access to this system. We have put further security controls in place, and are working with law enforcement agencies.”
The system breach involved only email addressees, the company said. No names, physical addresses, passwords, social security numbers, credit card data, or other information was accessed.
The National Association of REALTORS® is a financial investor in the company, whose e-signature system is widely used in the real estate industry.
The company advises its customers to protect against phishing schemes as a result of the breach by deleting any emails with the subject lines “Completed: [domain name] – Wire transfer for recipient-name Document Ready for Signature” or “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature.”
Source: “Hackers reportedly steal ‘millions’ of email addresses from DocuSign,” May 16, 2017
