The Australian company behind the popular PDF software Nitro PDF has suffered a data breach that also impacts many other well-known organizations including Google, Apple, Microsoft, Case and Citibank.
As reported by BleepingComputer, Nitro PDF is used by over 10 thousand business customers and 1.8m licensed users. However, the company also offers a cloud service that can be used by customers to share documents with coworkers as well as with employees at other organizations.
In an advisory published on the investor relations section of its site, Nitro Software informed its customers that it had suffered a “low impact security incident” and that no sensitive financial data was impacted, saying:
“Nitro’s investigation into the incident remains ongoing. There is no evidence currently that any sensitive or financial data relating to customers has been impacted or that any information has been misused. Nitro has elevated its monitoring and security protocols and has not identified any further malicious activity connected to the incident.”
Nitro Software data breach
Although Nitro Software claims that no sensitive financial data was lost as a result of the breach, the cybersecurity firm Cyble has revealed to BleepingComputer that the company’s user and document databases as well as 1TB of documents allegedly stolen from the company are being sold online in a private auction starting at $80,000.
According to Cyble, the user credential database table contains 70m user records, which include the email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses and other system data of Nitro Software’s customers.
For instance, the database reportedly contains 17,137 documents from Amazon, 6,405 from Apple, 137,285 from Citi, 32,153 from Google and 2,390 from Microsoft. There is also a great deal of information related to financial reports, M&A activities, NDAs and product releases included in the database.
TechRadar Pro has reached out to Nitro Software for a statement on the matter but we’ve yet to hear back at the time of writing. Hopefully we’ll find out more on the extent of the data breach once the company’s investigation into the matter comes to a close.