Data of 77M Nitro PDF Users Hacked, Leaked

Hackers have stolen an immense database containing the information of 77 million Nitro PDF users, reported Bleeping Computer. The 14-gigabyte file has been leaked by the attackers and is accessible for free.

The file contains a total of 77,159,696 records complete with email addresses, names, passwords, titles, company names, IP addresses, and bcrypt hashed passwords. The hack is attributed to a group called ShinyHunters.

ADVERTISEMENT

It was posted on a hacker forum by a user named Spiral. The post contains links to Have I Been Pwned and Bleeping Computer for additional information. The dump is credited to the hacker group.

 Nitro PDF Users Hacked

Nitro PDF, which is a program by Nitro Software that helps credit and edit digital documents, has more than 10,000 business customers with around 1.8 million licensed users. The software also offers a cloud service for document sharing.

ADVERTISEMENT

To help users see if their information has been compromised, the database has been added to the Have I Been Pwned system.

The breach occurred last year and was disclosed Bleeping Computer. The breach, which occurred on October 21, 2020, involves various organizations such as Apple, Chase, Citibank, Google, and Microsoft.

Nitro Software revealed this incident through an advisory to the Australia Stock Exchange saying that it suffered a “low impact security incident.” However, the notice assured customers that no customer info has been affected.

ADVERTISEMENT

However, in January, Bleeping Computer found the database being auctioned off at $80,000. This file allegedly contains 70 million user data along with 1 terabyte of documents. The report confirmed that the database is legitimate by verifying known email addresses of Nitro users.

Regardless, the information is now freely accessible on a hacker forum, with a fee of $3 for the download link. The threat actor, ShinyHunters is said to be involved in this hack and leak.

The hacker group has been going rampant over the past few months with involvement in various incidents and breaches such as Tokopedia, Mathway, Chatbooks, and many more. It is known to sell hacked data to brokers and via private sales, said Tech Times.

The report warned that malicious parties can use the information from the database for various crimes including phishing attacks and credential stuffing. Moreover, the info can also be used for identity theft.

Nitro users are advised to change their passwords to a strong and unique one. Not reusing passwords and utilizing a password manager is also advised.

No posts to display