This is very interesting and creepy.

Could a LogMeIn representative respond to this question?

Update: More phising spam and complementary trojan received (from the IRS, apparently) to my personal LMI account and the one I manage for work.

Yes, this just happened to us!

Several alias account (that we used nowhere other than logmein.com) have started getting jconnect fax spam.

I think their database was comprimised and all the email addresses stolen.

Call support and give them the details. They told me there's no record of a breach on their end so let's at least get this into their support system.

I received the same thing today, to an email address that's only used for LogMeIn.  I've forwarded the message to LMI support.  I doubt the LMI did this intentionally, but they've obviously had a breach of some type, whether external or internal.  Hopefully this is something as benign as an employee making off with a list of email addresses (as if that isn't bad enough), and not a more serious breach of their system.

I'm looking forward to a PUBLIC statement from LMI regarding this issue.

I wanted to add that both copies of the trojan-spam email I received this morning originated from IP address 182.72.122.218, which is located in India.

Apparently this IP address has already been identified by Project Honey Pot as a source of spam.

For cross-reference, I've created a thread about this issue in DocuSign's community forums: Docusign customer information security breach

It's interesting that DocuSign has officially responded to the spam outbreak but are treating it like a regular phishing / forged-"From"-field incident, not even considering a leak their end. :(