Last fall, the developer of the well-known PDF tool, Nitro, leaked their customers’ data. Then the company representatives assured that the incident did not have a serious impact on the work of Nitro PDF, and user data was not affected. However, information security experts reported that hackers are selling user databases and databases with documents stolen from the company at a private auction, as well as more than 1 TB of various documentation. The starting price for this data started at $ 80,000.
Let me remind you that Nitro solutions for creating, editing and signing PDF-files and digital documents are used by more than 10,000 business customers and 1,800,000 users around the world. In addition, Nitro provides a cloud service for its users to exchange documents with colleagues or other organizations. Thus, due to last year’s incident, not only ordinary users suffered, but also such giants as Google, Apple, Microsoft, Chase and Citibank.
As Bleeping Computer now reports , the well-known leak aggregator Have I Been Pwned updated its database with Nitro PDF customer data this week. The 14 GB database “leaked” to the network contains 77,159,696 entries with user email addresses, their full names, bcrypt hashed passwords, company names, IP addresses and other system information.
The database was circulated online by someone claiming to be a member of the Shiny Hunters hack group, which has repeatedly claimed responsibility for major data leaks in the past. The attacker published the database on a hacker forum, charging a nominal $ 3 fee to access the download link.
Since the leak can be used for phishing or credential stuffing attacks, Nitro PDF users are strongly advised to change their passwords and remain vigilant.