Foxit Software, makers of the Foxit PDF application, revealed last Thursday, August 30, 2019, details of the breach it suffered. A total of 328,549 accounts became affected in the data breach.
According to ZD Net, the software developer notified the affected members of the public through an email. The notice disclosed the vulnerability of the company’s website, particularly the ‘My Account’ section. Under this, users’ names, email addresses, company names, phone numbers, user account passwords, and IP addresses became compromised.
Hackers gained access to this confidential information and leaked some information to the public. Despite this news, the firm maintains that no payment information became exposed in the process.
With attackers gaining access to the IP addresses of customers, ZD Net believes the breach stemmed from Foxit’s backend infrastructure. The news site believes the incident is a backend infrastructure vulnerability, instead of a credential stuffing attack.
To address the breach, Foxit reported the incident to law enforcement agencies and data protection specialists. Moreover, the company also revealed it hired a third-party security management provider to further investigate the event. Besides investigating, the security management provider will also enhance and strengthen the security systems in place.
Foxit believes in securing the safety and security of its clients. Because of this, the cybersecurity advisory notice informed the public that it reached out to affected users.
Following the attack, the business immediately notified the affected customers via email. The email urged users to reset and change their passwords to gain access to their respective ‘My Account’ section. The software developer reportedly invalidated passwords for users with compromised information.
Apart from this, Foxit also encouraged users to go over their statement and go over credit monitoring reports. Doing so allows customers to protect their identity and keep their finances in check.
While the company disclosed the data breach, ZD Net states the firm failed to reveal when the actual breach occurred. Furthermore, Foxit also failed to divulge information regarding the security of the passwords. Passwords in the plaintext are prone to attacks from the get-go, while those hashed maintains an extra level of security.
ZD Net reached out to the company for further comment on these issues. However, Foxit remained mum about updates on the incident.
Foxit Software provides services to around 325 million people around the globe. In addition, the business also claims that it has around 100,000 paying customers for its PDF services. Though it partnered with security management firms, there is no information regarding the identity of the hacker, states PC Mag.