Author: Catalin Cimpanu / Source: BleepingComputer
Today, DocuSign — a provider of e-signature technology — acknowledged a data breach incident following which a third-party managed to gain access to the email addresses of its customers, data that it’s now using in massive spam campaigns.
[A]s part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.
The company discovered the data breach after in the last two weeks they continued…
Click here to read more