DocuSign Data Breach -
Read All About It! -
DANGER Will Robinson! (2/2)
UPDATE:
DocuSign explains that the data breach was limited to a NON-CORE SYSTEM that was used for [account holder] service-related announcements.
*** Please see the FIRST post of this series.
Below, you will find further information from DocuSign. DocuSign explanation link.
Q: What actually happened?
A: "[Early in May and again on Monday, 5/15/2017, DocuSign detected an increase in phishing emails sent to some of our customers and users – and we posted alerts on the DocuSign Trust Center and in social media.
• "The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software.
• "As part of our process in routine response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.
• "However, as part of our ongoing investigation, yesterday we confirmed that a malicious third party had gained temporary access to a separate, non-core system used for service-related announcements.
• "A complete forensic analysis has confirmed that only a list of email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed.
• "No content or any customer documents sent through DocuSign’s eSignature system was accessed; DocuSign’s core eSignature service, envelopes and customer documents and data remain secure."
Q: [Are] my DocuSign envelope[s] and data secure?
A: "As part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure."
For continuing updates, DocuSign suggests following
DocuSign usage facilitates so many transactions.
Fortunately, the breach was limited.
Hopefully, the damage will be minimal.
Nancy Laswick , ActiveRain member from Phoenix, AZ practiced caution even before the public announcements were made.
Nancy said, "All hacks are scary and when I first heard about this one my heart skipped several beats. I received several emails from "DocuSign" saying that my documents were ready shortly before and after the hack was discovered but I didn't bite. Fortunately the hackers emails smelled a little fishy."
For continuing updates, DocuSign suggests that " If you would like to be automatically informed about the latest security updates and alerts, please follow @askdocusign (DocuSign Support) on Twitter, where we will be posting notifications when the Trust Center is updated."
Technology saves all of us time but VIGILENCE is the required human factor.
If something doesn't look "right" - be cautious. Don't CLICK!
ALSO : DocuSign is not alone with the threats to users. *** eSign Online Spoofing Post Link.
Image courtesy of DocuSign report