How 77 million Nitro PDF users’ data was leaked online


Share on facebook
Share on twitter
Share on linkedin

Last week, one of the largest data leaks seen over the last year was confirmed. A stolen database containing the emails, names, and passwords of more than 77 million records of Nitro PDF was released on the internet for free.

Nitro is an application that allows users to create, edit, and sign PDFs and digital documents. Nitro Software claims to have over 10,000 business customers and roughly 1.8 million licensed users globally.

The company also provides a cloud service that customers can use to share documents with coworkers or other organisations involved in the document creation process.

The 14GB leak contained full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information.

The database has been added to the Have I Been Pwned service which allows users to check if their info has been compromised in this breach.

Nitro PDF user records' contents
Nitro PDF user records’ contents

BleepingComputer first reported last year that the massive Nitro PDF data breach also impacts many well-known organisations including Google, Apple, Microsoft, Chase, and Citibank.

Nitro Software disclosed a “low impact security incident” on October 21, 2020, in an advisory to the Australian Stock Exchange, stating that “no customer data was impacted”.

However, the 70 million user record lead was subsequently auctioned together with 1TB of documents for a starting price set at $80,000 on the internet in December.

BleepingComputer was able to determine the stolen database’s authenticity after confirming that known email addresses of Nitro accounts were present in the auctioned database.

A threat actor claiming to be a part of the “ShinyHunters” group leaked the full database for free on a hacker forum, setting a $3 price for access to the download link. ShinyHunters is a notorious threat actor group known for hacking online services and selling stolen information via data breach brokers.

Nitro PDF leak
Nitro PDF database leaked for free

Impacted Nitro PDF users have been advised to change their passwords to a strong, unique password which they shouldn’t use for any other website or online service.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.