Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Nitro PDF suffers massive data breach, exposing Microsoft, Google, Amazon documents

Image Description

The Australian company behind the popular PDF software Nitro PDF has suffered a data breach that also impacts many other well-known organizations including Google, Apple, Microsoft, Case and Citibank.

As reported by BleepingComputer, Nitro PDF is used by over 10 thousand business customers and 1.8m licensed users. However, the company also offers a cloud service that can be used by customers to share documents with coworkers as well as with employees at other organizations.

In an advisory published on the investor relations section of its site, Nitro Software informed its customers that it had suffered a “low impact security incident” though no sensitive financial data was impacted, saying:

“Nitro's investigation into the incident remains ongoing. There is no evidence currently that any sensitive or financial data relating to customers has been impacted or that any information has been misused. Nitro has elevated its monitoring and security protocols and has not identified any further malicious activity connected to the incident.”

Nitro Software data breach

Although Nitro Software claims that no sensitive financial data was lost as a result of the breach, the cybersecurity firm Cyble has revealed to BleepingComputer that the company's user and document databases as well as 1TB of documents allegedly stolen from the company are being sold online in a private auction starting at $80,000.

According to Cyble, the user credential database table contains 70m user records which contain the email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses and other system data from Nitro Software's customers.

For instance, the database reportedly contains 17,137 documents from Amazon, 6,405 from Apple, 137,285 from Citi, 32,153 from Google and 2,390 from Microsoft. There is also a great deal of information related to financial reports, M&A activities, NDAs and product releases included in the database.

TechRadar Pro has reached out to Nitro Software for a statement on the matter but we've yet to hear back at the time of writing. Hopefully we'll find out more on the extent of the data breach once the company's investigation into the matter comes to a close.

Via BleepingComputer

Date

27 Oct 2020

Sources


Share


Other Blog

  • Best VoIP headsets

    We take a look at some of the best VoIP headsets available on the market for all budgets.

    Read More
  • GoDaddy promises faster invoicing processing time for website designers

    GoDaddy prioritizes invoicing and payments through an integrated user interface for web developers.

    Read More
  • Which Norton antivirus plan should I get?

    Want Norton virus protection, but not sure which suite to buy? We’ve got all the answers, as we consider its AntiVirus Plus and 360 packages.

    Read More
  • The average ransomware group only lives for two years

    Ransomware groups are something of a Phoenix - they live short lives, burn out quickly, but are often reborn and come back stronger and more destructive.

    A new IBM Security report claims the average ransomware group “lives” less than two years - 17 months, on average, in fact. This is, in part, due to increasing pressure from governments and law enforcement agencies, which have successfully dismantled some of the biggest threat actors in the ransomware space, in these past couple of years.

    However, IBM Security’s data suggests that many of these groups could go into hiatus, rebrand, build entirely new infrastructure from scratch, using all of the previous experience, and than come back stronger and even more destructive.

    TechRadar needs you!

    We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

    >> Click here to start the survey in a new window

    Transforming with ease

    According to the report, that’s hardly an issue for these groups, as they’ve gathered enough resources from their previous operations to successfully fund any change. 

    Elsewhere in the report, the researchers are saying ransomware operators were mostly targeting manufacturing organizations. The Covid-19 pandemic has put tremendous pressure on the supply chain, something many threat actors were acutely aware of.

    As a result, almost a quarter of all cyberattacks happening globally, were against manufacturers.

    What’s more, in Asia, the foundation of many of the world’s supply chains, manufacturing was one of the top-attacked industries. 

    All of this leads IBM’s researchers to believe that ransomware groups won’t be going anywhere, any time soon, and that the efforts to eliminate them, while commendable, probably won’t suffice. That’s why businesses need to protect themselves, by updating their disaster recovery plans, refreshing their resilience strategies, training their employees to spot phishing and social engineering attacks, and keeping their hardware and software up to date. 

    Having an antivirus and a firewall will not keep most threat actors at bay, as their attacks against employees have grown frighteningly sophisticated. Deploying a zero-trust strategy and staying vigilant is the best way forward, experts are saying.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us