Nitro PDF Suffered A Data Breach Impacting Google, Apple, Amazon, And More

Popular PDF service provider Nitro PDF has recently suffered a massive data breach. While, they apparently strive to downplay the incident, it turns out that the breach also affected tech giants including Apple, Google, Amazon, and some others firms.

Nitro Faced Data Breach…

Reportedly, Nitro Software, the entity behind Nitro PDF has disclosed a data breach. As revealed via a statement to the Australia Stock Exchange, Nitro noticed some unauthorized access to an isolated database.

However, according to the firm, the affected database didn’t include any information that could affect its clients. As mentioned in their statement,

The relevant database supports certain Nitro online services and has been used primarily for the storage of information connected with Nitro’s free online products. The database does not contain user or customer documents.

They also assured containing the incident right after detection and to have started the investigations. Besides, they also confirmed to have found no “further malicious activity connected to the incident”.

…Other Firms Affected Too

According to Bleeping Computer, cybersecurity firm Cyble has shared details hinting at Nitro downplaying the incident.

They confirmed the stolen data from Nitro breach being sold on the dark web with a starting price from $80,000. The data includes documents making up to 1TB, and some 70 million user records that include email address, bcrypt hashed passwords, full names, IP addresses, company names, and other user data.

What’s alarming is that the breached database also includes details related to big companies like Google, Amazon, Apple, Microsoft, Citi, and Chase.

Besides, Bleeping Computer could also confirm how the exposed titles disclose explicit information including M&A activities, NDAs, financial data, and product releases.

For now, Nitro hasn’t shared any further information regarding the breach.

As for the users, they can check the security status of their accounts via amibreached.com, where Cyble has uploaded the breach data.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients