A recently stolen database that contained about millions of email addresses, names, and passwords of Nitro PDF service users was just leaked for free today! There was reportedly 14GB of the database that was leaked and this included 77,159,696 different records along with users' email addresses, their full names, the bcrypt hashed passwords, the company names, the titles, the IP addresses, and even other system-related information.
According to the report by BleepingComputer, The database has recently been added to the particular Have I Been Pwned service which should allow its users to check out if their own individual information has in fact been compromised in this particular data breach and then leaked on the internet.
Nitro is said to be a specific application that would help its users create, edit, and even sign PDFs as well as other digital documents. This is a particular app that Nitro Software has claimed to have above 10,000 different businesses customers as well as about 1.8 million licensed users. Nitro is said to also provide certain cloud services that would easily allow its customers to share their documents along with coworkers or even any other organizations that are involved in the particular documentation process.
Nitro data breach 2021
The huge Nitro PDF data breach that BleepingComputer had first reported that took place last year also impacts a number of well-known organizations like Apple, Google, Microsoft, Citibank, and even Chase. Nitro Software has previously disclosed a certain "low impact security incident" that supposedly took place on October 21, 2020. This was noted in an advisory towards the Australia Stock Exchange that stated that there was no customer data that had been impacted.
However, BleepingComputer later found out that the database had contained alleged info of over 70 million Nitro PDF user records which all got auctioned together while including 1TB of different documents starting the bid at $80,000. BleepingComputer was then able to determine the said stolen database's authenticity after being able to confirm that known email addresses coming from Nitro accounts were found within the auctioned database.
Now, a certain threat actor that claims to be a part of the said ShinyHunters has also leaked the full database said to be for free on the given hacker forum. The said thread actor has also been able to set a price of just $3 in order to get the download link.
ShinyHunters is known to be a notorious threat actor popular for hacking certain online services then selling the stolen information through the data breach brokers or even in various private sales. In the past, ShinyHunters had said that they were officially behind certain breaches that happened at Wattpad, Homechef, Tokopedia, Promo, Minted, Dave, Chatbooks, Mathway, as well as a number of others. The information was, in fact, proven to be true.
This article is owned by Tech Times
Written by Urian Buenconsejo