The phishing emails were designed to look like they were sent by DocuSign, but Word document attachments in the emails installed malware if opened.
The company began tracking the phishing campaign on its security site on May 9, though it was not until today that it confirmed its email list had been stolen. In today’s post, DocuSign said its eSignature service, envelopes and customer documents remain secure, but that hackers were able to access customer emails through a “non-core” system that the company uses to send service-related announcements. DocuSign added that only emails were stolen, and that other sensitive information, including names, physical addresses, passwords, Social Security numbers, credit card data and documents sent through the eSignature system, was not accessed.