The American Genius

Despite DocuSign promises, they couldn’t avoid the inevitable

(BUSINESS NEWS) There are no guarantees of safety, no matter how hard a brand works to secure docs.

uh-oh

DocuSign, the leading electronic document-signing company for over a decade, promises to “move business forward securely and reliably” on its website. Last Monday, their promise fell short of reality.

The company announced that in a brazen breach of security, hackers illegally acquired email addresses and contact lists of clients, which were later used to launch damaging phishing attacks. The messages contained a link to a Microsoft Word document containing malware.

Malicious third party

In a statement the company said, “Today we confirmed that a malicious third party had gained temporary access to a separate, non-core communication system used for service-related announcements that contained a list of email addresses.”

The extent of the hack was unspecified by the company, leading to speculation that the reach was deep and widespread.

It was also unclear how many clients fell victim to the phishing attacks.

Nothing pertinent

But DocuSign denied an invasive attack, stressing that only email addresses were compromised. The company statement claimed, “A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed.”

It seems that secured documents sent by clients through its system for eSignature were not compromised.

But the company feared that phishing attacks bearing a counterfeit DocuSign logo, sent from addresses ending in “docus.com”, a lookalike fake domain, would continue to proliferate. The attack lured victims to a wire transfer or accounting invoice declaring “Document Ready for Signature”.

Damage control

In our digital era, huge waves of coordinated phishing attacks, sometimes even state-sponsored, have become extremely common. So some security experts seemed not too alarmed by the DocuSign breach. Troy Hunt, a security expert, told Inc.com, “It’s usually a trivial affair to track down someone’s address because after all, that’s how you get in touch with them!”

However, the eventual phishing attack contained sophisticated malware in the attachment that had the potential to access passwords or even banking credentials.

To its clients, the company struck a tone of extreme caution and instructed them to “forward any suspicious emails related to DocuSign to spam@docusign.com, and then delete them from your computer.”

It assured them further by saying, “We took immediate action to prohibit unauthorized access to this system, we have put further security controls in place, and are working with law enforcement agencies.”

DocuSign is built on trust.

It has access to extremely confidential documents—from sensitive business contracts to medical documents. Any reports of digital vulnerability might immediately turn clients away from availing their services.

The company seems to be acutely aware of this.

Nearly five years ago, the American Genius ran a story about how many DocuSign clients’ information appeared to have been publicly accessible through Google search.

The company vehemently denied any breach of security back then and explained “it appears that a very small number of DocuSign users have saved their own personal copies of their signed documents to publicly accessible and searchable locations outside of the secure DocuSign Global Network,” essentially shifting any blame onto users.

No scapegoat this time

This time around, the company had to admit that a third party caused the breach.

On their website, DocuSign tells clients to “get to ‘yes’ faster” by availing their services that are “more secure than paper.”

On paper, in fact, that’s not true anymore.

Barnil is a Staff Writer at The American Genius. With a Master's Degree in International Relations, Barnil is a Research Assistant at UT, Austin. When he hikes, he falls. When he swims, he sinks. When he drives, others honk. But when he writes, people read.

The American Genius is a strong news voice in the entrepreneur and tech world, offering meaningful, concise insight into emerging technologies, the digital economy, best practices, and a shifting business culture. We refuse to publish fluff, and our readers rely on us for inspiring action. Copyright © 2005-2022, The American Genius, LLC.