Last week, one of the largest data leaks seen over the last year was confirmed. A stolen database containing the emails, names, and passwords of more than 77 million records of Nitro PDF was released on the internet for free.
Nitro is an application that allows users to create, edit, and sign PDFs and digital documents. Nitro Software claims to have over 10,000 business customers and roughly 1.8 million licensed users globally.
The company also provides a cloud service that customers can use to share documents with coworkers or other organisations involved in the document creation process.
The 14GB leak contained full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information.
The database has been added to the Have I Been Pwned service which allows users to check if their info has been compromised in this breach.
BleepingComputer first reported last year that the massive Nitro PDF data breach also impacts many well-known organisations including Google, Apple, Microsoft, Chase, and Citibank.
Nitro Software disclosed a “low impact security incident” on October 21, 2020, in an advisory to the Australian Stock Exchange, stating that “no customer data was impacted”.
However, the 70 million user record lead was subsequently auctioned together with 1TB of documents for a starting price set at $80,000 on the internet in December.
BleepingComputer was able to determine the stolen database’s authenticity after confirming that known email addresses of Nitro accounts were present in the auctioned database.
A threat actor claiming to be a part of the “ShinyHunters” group leaked the full database for free on a hacker forum, setting a $3 price for access to the download link. ShinyHunters is a notorious threat actor group known for hacking online services and selling stolen information via data breach brokers.
Impacted Nitro PDF users have been advised to change their passwords to a strong, unique password which they shouldn’t use for any other website or online service.