Today I received a piece of phishing spam plus trojan attachment, allegedly from DocuSign, addressed "To" the email addy I ONLY use for LogMeIn.
This, I believe, is because LMI have leaked this private info to the outside world - either intentionally or, more likely, inadvertently so.
I have an email account that allows me to put anything in front of the @ (at), which helps keep track of what/who I sign up to. This way, not only do I know who leaks my email addresses (as did happen with Dropbox a few months back), but spammers can also be blocked after they get ahold of it. My PC is malware-free and I hardly use LogMeIn (although it is installed, albeit disabled) and the last time it was used was months ago.
I can confirm that the database of customer information has been leaked. I too created a LogMeIn account using a unique email address used nowhere else, and I too received trojan-spam at that address this morning, purporting to be from DocuSign.
What's even more disturbing is that, as a real-estate agent, I actually have a DocuSign account, which I also created with a unique email address… and at the same time I received the trojan-spam sent to my LogMeIn email address, I also received a second copy of the trojan-spam sent to my DocuSign account email address. Therefore it appears that the DocuSign customer-information database has been compromised as well.
It is especially worrisome to consider the possibility that LogMeIn and/or DocuSign account passwords could have been leaked as well. Attackers able to actually log in using someone's LogMeIn credentials could conceivably have full interactive access to any number of computers and mobile devices.
I received the same thing today, to an email address that's only used for LogMeIn. I've forwarded the message to LMI support. I doubt that LMI did this intentionally, but they've obviously had a breach of some type, whether external or internal. Hopefully this is something as benign as an employee making off with a list of email addresses (as if that isn't bad enough), and not a more serious breach of their system.
I'm looking forward to a PUBLIC statement from LMI regarding this issue.