LogMeIn and DocuSign Possibly Hacked, Customers Complain About Spam

Both companies are investigating the data breach claims

By on December 14th, 2012 15:57 GMT

A number of DocuSign and LogMeIn customers are complaining that email accounts which they’ve been using exclusively for these services are being spammed with malware-laden messages. The incident is similar to the recent Dropbox breach.

Brian Krebs reports that both DocuSign, which offers electronic signatures, and LogMeIn, a remote PC administration services provider, are investigating the claims, but so far none of them has found any traces of a breach.

LogMeIn representatives argue that the email addresses might have been targeted by the spammers because many of them contain variations of “LogMeIn” in their names.

“Many (nearly 30%) of the reports – and this includes all reports, not just the handful of people reporting the unique email claim – included variations of LogMeIn in the name, e.g. logmein@acme.com, LMI@acme.com, logmeinrescue@acme.com,” LogMeIn spokesman Craig VerColen told Krebs.

“The majority of the others used either common prefixes, e.g. info@acme.com, sales@acme.com, tech@acme.com, or common first names, e.g. joe@acme.com. While this is not the case with all of the email addresses, the commonality would seem to suggest a pattern.”

For its part, DocuSign has released a statement in which it advises customers to be on the lookout for malware-containing notifications.

In the meantime, some of their customers insist that there isn't any other way the spammers could have obtained their email addresses unless the companies have been hacked.