Last October 2020, Nitro Software disclosed that it fell victim to a “low priority security incident”, and that no user data was compromised. However, fast-forward to today, that was not the case. A hacker has just leaked a database containing 77 million user accounts of the Nitro PDF service, free for other threat actors to utilize in their phishing campaigns.
The leak is composed of over 77 million user names, email addresses, company names, passwords, IP addresses and other information, contained within a 14GB database. Nitro PDF is an alternative to Adobe Acrobat, whose expensive nature has driven many users of the ubiquitous PDF file format to purchase less expensive and sometimes feature-rich solutions.
Aside from a PDF editor, Nitro Software also has a cloud-driven service where customers can share documents with other co-workers and other companies. Nitro is one of the more popular alternative PDF editors used by over 10,000 companies and 1.8m licensed users. These companies include Apple, Chase, Citibank, Google and Microsoft.
This massive user database was part of over 1TB of data stolen from Nitro software which includes company documents and was auctioned off for as much as 80,000 dollars. Apparently the documents were the more important part of the leak and the winner published the user accounts for free.
This winner claims to be part of the ShinyHunters group which is infamous for hacking many online services Their victims include Promo, Wattpad, Homechef, Chatbooks and Tokopedia.
Users worried if they’re included, can check the “Have I Been Pwned” or “AmIBreached” services. Better yet, change their credentials immediately as some users tend to use the same accounts and passwords on many other subscriptions. It is recommended for users to use a strong password, a password manager as well as employ multi-factor authentication if possible.