Nitro PDF Data Breach

The breach exposed a massive amount of user and document data. It is important to distinguish between account data and document data.

A. User Account Data: The stolen database contained approximately 70 million user records. The exposed information included:

B. Document Data: The attackers also accessed approximately 18,000 to 19,000 documents stored on Nitro's cloud servers.

If you stored a PDF named “2020_Company_Acquisition_Strategy.pdf” or “Passport_Scan_JohnDoe.pdf,” attackers know you possess sensitive documents. This could lead to targeted extortion or corporate espionage.

While the specific initial access vector was not fully disclosed by Nitro, security analysts and the subsequent sale of the data suggest a compromise of administrative credentials or an exploit of a vulnerable internal server. The ShinyHunters group is known for targeting unsecured databases and using credential stuffing or phishing to gain high-level access.

According to Nitro’s official incident response, the attackers did not access:

In October 2020, Nitro Software, a popular provider of PDF editing and e-signature tools, confirmed a significant data breach. An unauthorized third party gained access to user accounts and databases. While Nitro acted quickly, the exposed data has since appeared on hacking forums, putting affected users at risk of credential stuffing attacks and phishing.

If you have a Nitro PDF Pro account (especially one created before October 2020), your email address and hashed password are likely compromised.

Under GDPR, companies must report breaches within 72 hours and can be fined up to €20 million or 4% of global annual turnover. Nitro notified users weeks after discovery, which could attract scrutiny from the Irish Data Protection Commission or other EU supervisory authorities.