Cyber Incident Victim: Docsketch

In early August 2020, an unauthorized third party gained access to a copy of Docsketch's database containing a snapshot of the service as of July 9, 2020. The compromised database included contact information, form fields related to documents filled out by users and recipients, and login credentials. While the documents themselves were not accessed, the exposed form fields contained sensitive data entered by users during document completion, such as names, signatures, personal identifiers, and payment card details where applicable. The database also stored user contact lists comprising individuals invited to complete documents. Password strings were protected with salting and hashing techniques, though the company did not disclose specifics about the cryptographic strength or implementation details of these security measures. Docsketch founder Ruben Gamez confirmed the breach via customer notifications, clarifying that the intrusion occurred despite the documents remaining inaccessible to attackers.

Following the August intrusion, Docsketch implemented system security enhancements and infrastructure updates. The company initiated customer notifications specifically targeting users who entered personal or financial information in documents, providing them with additional protective measures. Gamez stated that resolving the breach remained the organization's top priority, with plans for continued security and infrastructure improvements underway. The incident impacted an unspecified number of users given Docsketch's status among the Alexa Top 25,000 most visited websites at the time. Exposed data primarily consisted of metadata and form inputs rather than complete documents, though this still included sensitive elements like partial payment information and personally identifiable details from document fields. No evidence suggested ongoing unauthorized access after containment measures were applied.