‘Docsketch’ Has Announced August Security Breach

Published on October 10, 2020
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

Customers of ‘Docsketch,’ an electronic document-signing service, are receiving security breach notifications that warn them of exposure. The security incident took place a couple of months ago, in the first days of August, and the database that was accessed by the infiltrators contained a snapshot of the service from back on July 9, 2020. So, if you have been using Docsketch after that date, this piece doesn’t concern you. If you used it earlier, you might have been exposed to hackers.

More specifically, the attackers could have accessed the names, signatures, contact information, various personal data types, and, unfortunately, even payment card details. Both the users and the recipients of the documents sent through service are affected by this incident. The severity level depends on the type of information contained in the signed files. In addition to this data, user credentials might have also been exposed.

Docsketch told its userbase that the password strings stored in the database were salted and hashed, so cracking them will be required in order to use them. How hard that is to do depends on the type of encryption, but the company shared no actual details on that part. That said, resetting your password on the platform and on anywhere else you may be using the same credentials should be non-negotiable now.

Read More: ‘Bitexlive’ Exposed Sensitive User Information to Site Visitors

The platform says that its security and infrastructure are now upgraded and that no similar incidents can take place there anymore. In the meantime, they set up an instructions page for the exposed users to help them take steps to protect themselves.

For a highly popular service like Docsketch, security incidents like this one are a catastrophe in the field of user trust, and, without a doubt, create a negative environment, both short and long term. However, having the valency to publicly admit what happened (even with a delay) and to send letters of warning to the affected users is a praise-worthy action that we don’t see very often.

Most incidents of this kind are pushed under the rug, hoping that white-hat dark net crawlers won’t find the data set that will bring the event to light. More often than not, this is proved to be wishful thinking.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: