Nitro Pro: Difference between revisions
Created page regarding Nitro Pro's 2020 data breach incident |
m Adding reference |
||
| Line 2: | Line 2: | ||
==Background== | ==Background== | ||
Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents. As part of their service offering, Nitro offers a cloud service used by customers to share documents with coworkers or other organizations involved in the document creation process. | |||
A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank.<ref name=":0">{{Cite web |title=Massive Nitro data breach impacts Microsoft, Google, Apple, more |url=https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/ |access-date=2025-05-23 |website=BleepingComputer}}</ref> | |||
A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank.}} | |||
==Incident== | ==Incident== | ||
In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com. | |||
Cybersecurity intelligence firm Cyble has told BleepingComputer that a threat actor is selling the user and document databases, as well as 1TB of documents, that they claim to have stolen from Nitro Software's cloud service. Cyble states that the 'user_credential' database table contains 70 million user records containing email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.<ref name=":0" /> | |||
Cybersecurity intelligence firm Cyble has told BleepingComputer that a threat actor is selling the user and document databases, as well as 1TB of documents, that they claim to have stolen from Nitro Software's cloud service. Cyble states that the 'user_credential' database table contains 70 million user records containing email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data. | |||
===Nitro's response=== | ===Nitro's response=== | ||
On October 21st, Nitro Software issued an advisory to the Australia Stock Exchange, stating that they were affected by a "low impact security incident" but that no customer data was impacted. | |||
Despite Nitro's advisory, the data breach exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.<ref>{{Cite web |title=Nitro |url=https://haveibeenpwned.com/breach/Nitro |access-date=2025-05-23 |website=Have I Been Pwned}}</ref> | |||
==Lawsuit== | ==Lawsuit== | ||
{{Placeholder box|If applicable, add any information regarding litigation around the incident here. | {{Placeholder box|If applicable, add any information regarding litigation around the incident here. | ||
Revision as of 19:35, 23 May 2025
Nitro Pro is a Portable Document Format (PDF) editing application[1] and electronic signature software.[2]
Background
Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents. As part of their service offering, Nitro offers a cloud service used by customers to share documents with coworkers or other organizations involved in the document creation process. A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank.[3]
Incident
In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com. Cybersecurity intelligence firm Cyble has told BleepingComputer that a threat actor is selling the user and document databases, as well as 1TB of documents, that they claim to have stolen from Nitro Software's cloud service. Cyble states that the 'user_credential' database table contains 70 million user records containing email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.[3]
Nitro's response
On October 21st, Nitro Software issued an advisory to the Australia Stock Exchange, stating that they were affected by a "low impact security incident" but that no customer data was impacted. Despite Nitro's advisory, the data breach exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.[4]
Lawsuit
Consumer response
References
- ↑ "Nitro Pro 12 review: A better document workflow". PC Magazine. Retrieved 31 October 2018.
- ↑ "Nitro PDF Pro". The University of Melbourne. Retrieved August 15, 2024.
- ↑ 3.0 3.1 "Massive Nitro data breach impacts Microsoft, Google, Apple, more". BleepingComputer. Retrieved 2025-05-23.
- ↑ "Nitro". Have I Been Pwned. Retrieved 2025-05-23.