Consumer Rights Wiki - User contributions [en]

Nitro Pro

2025-05-23T23:13:12Z

Apparatus: Fixed typos

{{InfoboxProductLine
| Title = Nitro Pro
| Release Year = 2018
| Product Type = Software
| In Production = Yes
| Official Website = https://www.gonitro.com/
| Logo = Nitro_Pro_Icon.png
}}

'''Nitro Pro''' is a Portable Document Format (PDF) editing application<ref>{{cite web |title=Nitro Pro 12 review: A better document workflow |url=https://www.pcworld.com/article/3278587/software/nitro-pro-12-pdf-editor-review.html |access-date=31 October 2018 |website=PC Magazine}}</ref> and electronic signature software.<ref>{{Cite web |date= |title=Nitro PDF Pro |url=https://studentit.unimelb.edu.au/software/nitro-pdf-pro |access-date=August 15, 2024 |website=The University of Melbourne}}</ref>

==Background==
Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents. As part of their service offering, Nitro offers a cloud service used by customers to share documents with coworkers or other organizations involved in the document creation process. A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank.<ref name=":0">{{Cite web |title=Massive Nitro data breach impacts Microsoft, Google, Apple, more |url=https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/ |access-date=2025-05-23 |website=BleepingComputer}}</ref>

==Incident==
In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. Cybersecurity intelligence firm Cyble has told BleepingComputer that a threat actor is selling the user and document databases, as well as 1TB of documents, that they claim to have stolen from Nitro Software's cloud service. Cyble states that the 'user_credential' database table contains 70 million user records containing email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.<ref name=":0" />

===Nitro's response===
On October 21st, Nitro Software issued an advisory to the Australia Stock Exchange, stating that they were affected by a "low impact security incident" but that no customer data was impacted. Despite Nitro's advisory, the data breach exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.<ref>{{Cite web |title=Nitro |url=https://haveibeenpwned.com/breach/Nitro |access-date=2025-05-23 |website=Have I Been Pwned}}</ref>

==Lawsuit==
{{Placeholder box|If applicable, add any information regarding litigation around the incident here.

===Claims===
Main claims of the suit.

===Rebuttal===
The response of the company or counterclaims.

===Outcome===
The outcome of the suit, if any.}}

==Consumer response==
{{Placeholder box|Summary and key issues of prevailing sentiment from the consumers and commentators that can be documented via articles, emails to support, reviews and forum posts.}}

==References==
{{reflist}}

{{Placeholder box|[[mw:Help:VisualEditor/User_guide#Editing_categories|Add a category]] with the same name as the product, service, website, software, product line or company that this article is about.

The "Incidents" category is not needed.}}

Nitro Pro

2025-05-23T21:12:21Z

Apparatus: Removed empty link

{{InfoboxProductLine
| Title = Nitro Pro
| Release Year = 2018
| Product Type = Software
| In Production = Yes
| Official Website = https://www.gonitro.com/
| Logo = Nitro_Pro_Icon.png
}}

'''Nitro Pro''' is a Portable Document Format (PDF) editing application<ref>{{cite web |title=Nitro Pro 12 review: A better document workflow |url=https://www.pcworld.com/article/3278587/software/nitro-pro-12-pdf-editor-review.html |access-date=31 October 2018 |website=PC Magazine}}</ref> and electronic signature software.<ref>{{Cite web |date= |title=Nitro PDF Pro |url=https://studentit.unimelb.edu.au/software/nitro-pdf-pro |access-date=August 15, 2024 |website=The University of Melbourne}}</ref>

==Background==
Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents. As part of their service offering, Nitro offers a cloud service used by customers to share documents with coworkers or other organizations involved in the document creation process.
A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank.<ref name=":0">{{Cite web |title=Massive Nitro data breach impacts Microsoft, Google, Apple, more |url=https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/ |access-date=2025-05-23 |website=BleepingComputer}}</ref>

==Incident==
In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.
Cybersecurity intelligence firm Cyble has told BleepingComputer that a threat actor is selling the user and document databases, as well as 1TB of documents, that they claim to have stolen from Nitro Software's cloud service. Cyble states that the 'user_credential' database table contains 70 million user records containing email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.<ref name=":0" />

===Nitro's response===
On October 21st, Nitro Software issued an advisory to the Australia Stock Exchange, stating that they were affected by a "low impact security incident" but that no customer data was impacted.
Despite Nitro's advisory, the data breach exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.<ref>{{Cite web |title=Nitro |url=https://haveibeenpwned.com/breach/Nitro |access-date=2025-05-23 |website=Have I Been Pwned}}</ref>

==Lawsuit==
{{Placeholder box|If applicable, add any information regarding litigation around the incident here.

===Claims===
Main claims of the suit.

===Rebuttal===
The response of the company or counterclaims.

===Outcome===
The outcome of the suit, if any.}}

==Consumer response==
{{Placeholder box|Summary and key issues of prevailing sentiment from the consumers and commentators that can be documented via articles, emails to support, reviews and forum posts.}}

==References==
{{reflist}}

{{Placeholder box|[[mw:Help:VisualEditor/User_guide#Editing_categories|Add a category]] with the same name as the product, service, website, software, product line or company that this article is about.

The "Incidents" category is not needed.}}

Nitro Pro

2025-05-23T21:07:49Z

Apparatus: Adding Infobox to product page

{{InfoboxProductLine
| Title = Nitro Pro
| Release Year = 2018
| Product Type = Software
| In Production = Yes
| Official Website = https://www.gonitro.com/
| Logo = Nitro_Pro_Icon.png
}}

'''Nitro Pro''' is a [[Portable Document Format]] (PDF) editing application<ref>{{cite web |title=Nitro Pro 12 review: A better document workflow |url=https://www.pcworld.com/article/3278587/software/nitro-pro-12-pdf-editor-review.html |access-date=31 October 2018 |website=PC Magazine}}</ref> and electronic signature software.<ref>{{Cite web |date= |title=Nitro PDF Pro |url=https://studentit.unimelb.edu.au/software/nitro-pdf-pro |access-date=August 15, 2024 |website=The University of Melbourne}}</ref>

==Background==
Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents. As part of their service offering, Nitro offers a cloud service used by customers to share documents with coworkers or other organizations involved in the document creation process.
A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank.<ref name=":0">{{Cite web |title=Massive Nitro data breach impacts Microsoft, Google, Apple, more |url=https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/ |access-date=2025-05-23 |website=BleepingComputer}}</ref>

==Incident==
In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.
Cybersecurity intelligence firm Cyble has told BleepingComputer that a threat actor is selling the user and document databases, as well as 1TB of documents, that they claim to have stolen from Nitro Software's cloud service. Cyble states that the 'user_credential' database table contains 70 million user records containing email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.<ref name=":0" />

===Nitro's response===
On October 21st, Nitro Software issued an advisory to the Australia Stock Exchange, stating that they were affected by a "low impact security incident" but that no customer data was impacted.
Despite Nitro's advisory, the data breach exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.<ref>{{Cite web |title=Nitro |url=https://haveibeenpwned.com/breach/Nitro |access-date=2025-05-23 |website=Have I Been Pwned}}</ref>

==Lawsuit==
{{Placeholder box|If applicable, add any information regarding litigation around the incident here.

===Claims===
Main claims of the suit.

===Rebuttal===
The response of the company or counterclaims.

===Outcome===
The outcome of the suit, if any.}}

==Consumer response==
{{Placeholder box|Summary and key issues of prevailing sentiment from the consumers and commentators that can be documented via articles, emails to support, reviews and forum posts.}}

==References==
{{reflist}}

{{Placeholder box|[[mw:Help:VisualEditor/User_guide#Editing_categories|Add a category]] with the same name as the product, service, website, software, product line or company that this article is about.

The "Incidents" category is not needed.}}

File:Nitro Pro logo.png

2025-05-23T21:06:36Z

Apparatus: This image was retrieved from wikipedia.org.

== Summary ==
This image was retrieved from wikipedia.org.

Nitro Pro

2025-05-23T19:35:05Z

Apparatus: Adding reference

'''Nitro Pro''' is a [[Portable Document Format]] (PDF) editing application<ref>{{cite web |title=Nitro Pro 12 review: A better document workflow |url=https://www.pcworld.com/article/3278587/software/nitro-pro-12-pdf-editor-review.html |access-date=31 October 2018 |website=PC Magazine}}</ref> and electronic signature software.<ref>{{Cite web |date= |title=Nitro PDF Pro |url=https://studentit.unimelb.edu.au/software/nitro-pdf-pro |access-date=August 15, 2024 |website=The University of Melbourne}}</ref>

==Background==
Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents. As part of their service offering, Nitro offers a cloud service used by customers to share documents with coworkers or other organizations involved in the document creation process.
A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank.<ref name=":0">{{Cite web |title=Massive Nitro data breach impacts Microsoft, Google, Apple, more |url=https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/ |access-date=2025-05-23 |website=BleepingComputer}}</ref>

==Incident==
In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.
Cybersecurity intelligence firm Cyble has told BleepingComputer that a threat actor is selling the user and document databases, as well as 1TB of documents, that they claim to have stolen from Nitro Software's cloud service. Cyble states that the 'user_credential' database table contains 70 million user records containing email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.<ref name=":0" />

===Nitro's response===
On October 21st, Nitro Software issued an advisory to the Australia Stock Exchange, stating that they were affected by a "low impact security incident" but that no customer data was impacted.
Despite Nitro's advisory, the data breach exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.<ref>{{Cite web |title=Nitro |url=https://haveibeenpwned.com/breach/Nitro |access-date=2025-05-23 |website=Have I Been Pwned}}</ref>

==Lawsuit==
{{Placeholder box|If applicable, add any information regarding litigation around the incident here.

===Claims===
Main claims of the suit.

===Rebuttal===
The response of the company or counterclaims.

===Outcome===
The outcome of the suit, if any.}}

==Consumer response==
{{Placeholder box|Summary and key issues of prevailing sentiment from the consumers and commentators that can be documented via articles, emails to support, reviews and forum posts.}}

==References==
{{reflist}}

{{Placeholder box|[[mw:Help:VisualEditor/User_guide#Editing_categories|Add a category]] with the same name as the product, service, website, software, product line or company that this article is about.

The "Incidents" category is not needed.}}

Nitro Pro

2025-05-23T19:16:49Z

Apparatus: Created page regarding Nitro Pro's 2020 data breach incident

'''Nitro Pro''' is a [[Portable Document Format]] (PDF) editing application<ref>{{cite web |title=Nitro Pro 12 review: A better document workflow |url=https://www.pcworld.com/article/3278587/software/nitro-pro-12-pdf-editor-review.html |access-date=31 October 2018 |website=PC Magazine}}</ref> and electronic signature software.<ref>{{Cite web |date= |title=Nitro PDF Pro |url=https://studentit.unimelb.edu.au/software/nitro-pdf-pro |access-date=August 15, 2024 |website=The University of Melbourne}}</ref>

==Background==
{{Placeholder box|Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents. As part of their service offering, Nitro offers a cloud service used by customers to share documents with coworkers or other organizations involved in the document creation process.

A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank.}}

==Incident==
{{Placeholder box|In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.

Cybersecurity intelligence firm Cyble has told BleepingComputer that a threat actor is selling the user and document databases, as well as 1TB of documents, that they claim to have stolen from Nitro Software's cloud service. Cyble states that the 'user_credential' database table contains 70 million user records containing email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.}}

===Nitro's response===
{{Placeholder box|On October 21st, Nitro Software issued an advisory to the Australia Stock Exchange, stating that they were affected by a "low impact security incident" but that no customer data was impacted.

Despite Nitro's advisory, the data breach exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.}}
==Lawsuit==
{{Placeholder box|If applicable, add any information regarding litigation around the incident here.

===Claims===
Main claims of the suit.

===Rebuttal===
The response of the company or counterclaims.

===Outcome===
The outcome of the suit, if any.}}

==Consumer response==
{{Placeholder box|Summary and key issues of prevailing sentiment from the consumers and commentators that can be documented via articles, emails to support, reviews and forum posts.}}

==References==
{{reflist}}

{{Placeholder box|[[mw:Help:VisualEditor/User_guide#Editing_categories|Add a category]] with the same name as the product, service, website, software, product line or company that this article is about.

The "Incidents" category is not needed.}}

AT&T

2025-05-23T15:57:55Z

Apparatus: /* References: */

{{StubNotice}}

{{InfoboxCompany
| Name = AT&T
| Type = Public
| Founded = 1885
| Industry = Telecommunications
| Official Website = https://att.com/
| Logo = AT&T.png
}}

[[wikipedia:AT&T|'''AT&T, Inc.''']] is a major telecommunications holding company headquartered in Dallas, Texas. AT&T owns several smaller telecommunications companies, including Cricket Wireless and DIRECTV. <ref>https://www.sec.gov/Archives/edgar/data/732717/000073271718000009/ex21.htm</ref>

In 2017, the Electronic Frontier Foundation awarded AT&T with a 1 out of 5 stars privacy rating, the same as AT&T's largest competitors, Verizon and T-Mobile.<ref>https://web.archive.org/web/20180915003333/https://www.eff.org/who-has-your-back-2017</ref>

==Consumer impact summary==
{{Placeholder box|Overview of concerns that arise from the company's conduct regarding (if applicable):
* User Freedom
* User Privacy
* Business Model
* Market Control}}

==Incidents==

===Selling consumer data (2024)===
FCC found that all major telecommunications companies were illegally selling customer's location data. IFCC fined AT&T, Sprint, T-Mobile, and Verizon nearly $200 million, AT&T's share amounted to 0.22% of their net annual income.<ref group="Video References">https://youtube.com/watch?v=mdZt7ox1DDs</ref>

===Massive data breach (March 2024)===
In March 2024, tens of millions of records allegedly breached from AT&T were posted to a popular hacking forum<ref>https://www.troyhunt.com/inside-the-massive-alleged-att-data-breach</ref>. Dating back to August 2021, the data was originally posted for sale before later being freely released. At the time, AT&T maintained that there had not been a breach of their systems and that the data originated from elsewhere. 12 days later, AT&T acknowledged that data fields specific to them were in the breach and that it was not yet known whether the breach occurred at their end or that of a vendor<ref>https://about.att.com/story/2024/addressing-data-set-released-on-dark-web.html</ref>. AT&T also proceeded to reset customer account passcodes<ref>https://techcrunch.com/2024/03/30/att-reset-account-passcodes-customer-data/</ref>, an indicator that there was sufficient belief passcodes had been compromised. The incident exposed names, email and physical addresses, dates of birth, phone numbers and US social security numbers.

==Products==
{{Placeholder box|This is a list of the company's product lines '''with articles on this wiki'''.
* [[Example product line one]] (release date): Short summary of the product's incidents.
* [[Example product line two]] (release date):}}

==See also==
{{Placeholder box|Link to relevant theme articles or companies with similar incidents.}}

==References:==
<references />

===Video references:===
<references group="Video References" />
[[Category:AT&T]]

AT&T

2025-05-23T15:46:11Z

Apparatus: /* Massive data breach (March 2024) */

{{StubNotice}}

{{InfoboxCompany
| Name = AT&T
| Type = Public
| Founded = 1885
| Industry = Telecommunications
| Official Website = https://att.com/
| Logo = AT&T.png
}}

[[wikipedia:AT&T|'''AT&T, Inc.''']] is a major telecommunications holding company headquartered in Dallas, Texas. AT&T owns several smaller telecommunications companies, including Cricket Wireless and DIRECTV. <ref>https://www.sec.gov/Archives/edgar/data/732717/000073271718000009/ex21.htm</ref>

In 2017, the Electronic Frontier Foundation awarded AT&T with a 1 out of 5 stars privacy rating, the same as AT&T's largest competitors, Verizon and T-Mobile.<ref>https://web.archive.org/web/20180915003333/https://www.eff.org/who-has-your-back-2017</ref>

==Consumer impact summary==
{{Placeholder box|Overview of concerns that arise from the company's conduct regarding (if applicable):
* User Freedom
* User Privacy
* Business Model
* Market Control}}

==Incidents==

===Selling consumer data (2024)===
FCC found that all major telecommunications companies were illegally selling customer's location data. IFCC fined AT&T, Sprint, T-Mobile, and Verizon nearly $200 million, AT&T's share amounted to 0.22% of their net annual income.<ref group="Video References">https://youtube.com/watch?v=mdZt7ox1DDs</ref>

===Massive data breach (March 2024)===
In March 2024, tens of millions of records allegedly breached from AT&T were posted to a popular hacking forum<ref>{{Cite web |url=https://www.troyhunt.com/inside-the-massive-alleged-att-data-breach/}}</ref>. Dating back to August 2021, the data was originally posted for sale before later being freely released. At the time, AT&T maintained that there had not been a breach of their systems and that the data originated from elsewhere. 12 days later, AT&T acknowledged that data fields specific to them were in the breach and that it was not yet known whether the breach occurred at their end or that of a vendor<ref>{{Cite web |url=https://about.att.com/story/2024/addressing-data-set-released-on-dark-web.html}}</ref>. AT&T also proceeded to reset customer account passcodes<ref>{{Cite web |url=https://techcrunch.com/2024/03/30/att-reset-account-passcodes-customer-data/}}</ref>, an indicator that there was sufficient belief passcodes had been compromised. The incident exposed names, email and physical addresses, dates of birth, phone numbers and US social security numbers.

==Products==
{{Placeholder box|This is a list of the company's product lines '''with articles on this wiki'''.
* [[Example product line one]] (release date): Short summary of the product's incidents.
* [[Example product line two]] (release date):}}

==See also==
{{Placeholder box|Link to relevant theme articles or companies with similar incidents.}}

==References:==
<references />

===Video references:===
<references group="Video References" />
[[Category:AT&T]]

AT&T

2025-05-23T04:40:32Z

Apparatus: Added information about recent data breach event (March 2024).

{{StubNotice}}

{{InfoboxCompany
| Name = AT&T
| Type = Public
| Founded = 1885
| Industry = Telecommunications
| Official Website = https://att.com/
| Logo = AT&T.png
}}

[[wikipedia:AT&T|'''AT&T, Inc.''']] is a major telecommunications holding company headquartered in Dallas, Texas. AT&T owns several smaller telecommunications companies, including Cricket Wireless and DIRECTV. <ref>https://www.sec.gov/Archives/edgar/data/732717/000073271718000009/ex21.htm</ref>

In 2017, the Electronic Frontier Foundation awarded AT&T with a 1 out of 5 stars privacy rating, the same as AT&T's largest competitors, Verizon and T-Mobile.<ref>https://web.archive.org/web/20180915003333/https://www.eff.org/who-has-your-back-2017</ref>

==Consumer impact summary==
{{Placeholder box|Overview of concerns that arise from the company's conduct regarding (if applicable):
* User Freedom
* User Privacy
* Business Model
* Market Control}}

==Incidents==

===Selling consumer data (2024)===
FCC found that all major telecommunications companies were illegally selling customer's location data. IFCC fined AT&T, Sprint, T-Mobile, and Verizon nearly $200 million, AT&T's share amounted to 0.22% of their net annual income.<ref group="Video References">https://youtube.com/watch?v=mdZt7ox1DDs</ref>

===Massive data breach (March 2024)===
In March 2024, tens of millions of records allegedly breached from AT&T were posted to a popular hacking forum<ref>{{Cite web |title= |url=https://www.troyhunt.com/inside-the-massive-alleged-att-data-breach/}}</ref>. Dating back to August 2021, the data was originally posted for sale before later being freely released. At the time, AT&T maintained that there had not been a breach of their systems and that the data originated from elsewhere. 12 days later, AT&T acknowledged that data fields specific to them were in the breach and that it was not yet known whether the breach occurred at their end or that of a vendor<ref>{{Cite web |title= |url=https://about.att.com/story/2024/addressing-data-set-released-on-dark-web.html}}</ref>. AT&T also proceeded to reset customer account passcodes<ref>{{Cite web |title= |url=https://techcrunch.com/2024/03/30/att-reset-account-passcodes-customer-data/}}</ref>, an indicator that there was sufficient belief passcodes had been compromised. The incident exposed names, email and physical addresses, dates of birth, phone numbers and US social security numbers.

==Products==
{{Placeholder box|This is a list of the company's product lines '''with articles on this wiki'''.
* [[Example product line one]] (release date): Short summary of the product's incidents.
* [[Example product line two]] (release date):}}

==See also==
{{Placeholder box|Link to relevant theme articles or companies with similar incidents.}}

==References:==
<references />

===Video references:===
<references group="Video References" />
[[Category:AT&T]]