LogMeIn and DocuSign Possibly Hacked, Customers Complain About Spam

Both companies are investigating the data breach claims

By Eduard Kovacs on December 14th, 2012 15:57 GMT

A number of DocuSign and LogMeIn customers are complaining that email accounts which they’ve been using exclusively for these services are being spammed with malware-laden messages. The incident is similar to the recent Dropbox breach.

Brian Krebs reports that both DocuSign, which offers electronic signatures, and LogMeIn, a remote PC administration services provider, are investigating the claims, but so far none of them has found any traces of a breach.

LogMeIn representatives argue that the email addresses might have been targeted by the spammers because many of them contain variations of “LogMeIn” in their names.

“Many (nearly 30%) of the reports – and this includes all reports, not just the handful of people reporting the unique email claim – included variations of LogMeIn in the name, e.g. logmein@acme.com, LMI@acme.com, logmeinrescue@acme.com,” LogMeIn spokesman Craig VerColen told Krebs.

“The majority of the others used either common prefixes, e.g. info@acme.com, sales@acme.com, tech@acme.com, or common first names, e.g. joe@acme.com. While this is not the case with all of the email addresses, the commonality would seem to suggest a pattern.”

For its part, DocuSign has released a statement in which it advises customers to be on the lookout for malware-containing notifications.

In the meantime, some of their customers insist that there isn't any other way the spammers could have obtained their email addresses unless the companies have been hacked.
DocuSign and LogMeIn investigate hack claims
   DocuSign and LogMeIn investigate hack claims
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

4 Comments