LogMeIn and DocuSign Possibly Hacked, Customers Complain About Spam

Both companies are investigating the data breach claims

A number of DocuSign and LogMeIn customers are complaining that email accounts which they’ve been using exclusively for these services are being spammed with malware-laden messages. The incident is similar to the recent Dropbox breach.

Brian Krebs reports that both DocuSign, which offers electronic signatures, and LogMeIn, a remote PC administration services provider, are investigating the claims, but so far none of them has found any traces of a breach.

LogMeIn representatives argue that the email addresses might have been targeted by the spammers because many of them contain variations of “LogMeIn” in their names.

“Many (nearly 30%) of the reports – and this includes all reports, not just the handful of people reporting the unique email claim – included variations of LogMeIn in the name, e.g. logmein@acme.com, LMI@acme.com, logmeinrescue@acme.com,” LogMeIn spokesman Craig VerColen told Krebs.

“The majority of the others used either common prefixes, e.g. info@acme.com, sales@acme.com, tech@acme.com, or common first names, e.g. joe@acme.com. While this is not the case with all of the email addresses, the commonality would seem to suggest a pattern.”

For its part, DocuSign has released a statement in which it advises customers to be on the lookout for malware-containing notifications.

In the meantime, some of their customers insist that there isn't any other way the spammers could have obtained their email addresses unless the companies have been hacked.

Hot right now  ·  Latest news