DocuSign Confirms Hackers Gain Access to Email Addresses

May 16, 2017

DocuSign confirmed Tuesday that a malicious third party gained temporary access to a "non-core system" allowing it to steal email addresses.

According to DocuSign, non-public personal information was not accessed:

A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed.

DocuSign’s reported that its core e-signature service, envelopes and customer documents and data remain secure.

This confirmation followed an announcement by DocuSign that it detected an increase in phishing emails sent to some of its customers and users. The spoofed emails branded as if they came from DocuSign attempt to trick recipients into opening an attached Word document that, when clicked, install malicious software.  

The email addresses may be used to target those handling wire transfers. DocuSign recommended the following steps to ensure the security of your email and systems:

  • Delete any emails with the subject line, “Completed: [domain name]  – Wire transfer for recipient-name Document Ready for Signature” and “Completed [domain name/email address] – Accounting Invoice [Number] Document Ready for Signature”. These emails are not from DocuSign. They were sent by a malicious third party and contain a link to malware spam.
  • Forward any suspicious emails related to DocuSign to, and then delete them from your computer. They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “” without an ‘i’ or, contain an attachment or direct you to a link that starts with anything other than or
  • Ensure your anti-virus software is enabled and up to date.
  • Review DocuSign’s whitepaper on phishing

Additional tips

  • Be wary of emails that ask you to view or download files from people you do not know.
  • Also be cautions of emails that ask you to view files on services that you do not subscribe to.
  • Hover your mouse over the URL of links contained in emails to check their destination address. Don’t click suspicious links. To log into a service, open a new web browser and type in the URL manually.
  • Be wary of services that ask you to provide log-in credentials for a number of different email providers. This is a trick scammers use to a widen their phishing net, allowing them to steal details from users.

Additional Resources

Contact ALTA at 202-296-3671 or