Digital signature service DocuSign said Monday that an unnamed third-party had got access to email addresses of its users after hacking into its systems.

The hackers gained temporary access to a peripheral sub-system for communicating service-related announcements to users through email, the company said. It confirmed after what it described as a complete forensic analysis that only email addresses were accessed, and not other details such as names, physical addresses, passwords, social security numbers, credit card data or other information.

“No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure,” DocuSign said in a post.

DocuSign claims more than 200 million users in 188 countries. It said on its website that 12 of the of the top 15 U.S. financial services companies and 12 of the top 15 U.S. insurance carriers use DocuSign.

The company has since earlier this month said it was monitoring malicious emails that had the subject lines: “Completed: docusign.com - Wire Transfer Instructions for recipient-name Document Ready for Signature,” or “Completed *company name* - Accounting Invoice *number* Document Ready for Signature,” and used DocuSign branding in the headers and body of the email. The emails had links to a downloadable Word document that was meant to trick users into running macro-enabled malware.

The company said the mails were being sent from domains that were not related to DocuSign, but by Monday it was suggesting that the email ids had come from a hack of its own system.

DocuSign said it had taken action quickly to block unauthorized access to the system, added further security controls, and is working with law enforcement agencies. It said it was alerting users as a matter of abundant caution to take measures such as forwarding to the company any suspicious emails relating to DocuSign and deleting them from their systems, and ensuring their anti-virus software is enabled and updated.