Massive Nitro data breach impacts Microsoft, Google, Apple, more

silversurfer

Level 68
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
5,771
A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank.

Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents.

As part of their service offering, Nitro offers a cloud service used by customers to share documents with coworkers or other organizations involved in the document creation process.

On October 21st, Nitro Software issued an advisory to the Australia Stock Exchange, stating that they were affected by a "low impact security incident" but that no customer data was impacted. [...]
Read more below:
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,131
Cyble states that the 'user_credential' database table contains 70 million user records containing email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.
If the threat actors stole the documents as they claim, this could be one of the worst corporate data breaches we have seen in a while. As Nitro is commonly used by businesses to sign sensitive financial, legal, and marketing documents digitally, it could allow for the leaking of information that would significantly impact a company's business.
 
Top