Nitro, the developer of the well-known PDF tool, suffered a leak of customer data. Its clients include quite large and well-known companies.
The scale of the problem is easy to gauge by looking at the official statistics: over 10,000 business customers and 1,800,000 users worldwide use Nitro to create, edit, and sign PDFs and digital documents. In addition, Nitro provides users with a cloud service for sharing documents with colleagues or other organizations. Thus, the incident affected not only ordinary people, but also such giants as Google, Apple, Microsoft, Chase and Citibank.
Bleeping Computer reports that on October 21, 2020, Nitro Software notified the Australian Stock Exchange of the incident.
However, specialists from the cyber security company Cyble told reporters that the incident was much more serious: hackers are already selling, at a private auction, user databases and databases with documents stolen from the company, as well as more than 1 TB of various documents. The starting price for this data is $80,000.
Bleeping Computer journalists write that they were able to verify the authenticity of the data through the known email addresses of the Nitro accounts, which were present in the database. However, there is no evidence that this information was stolen by attackers as a result of this particular attack.
In turn, the document database contains the names of files, information about when they were created and signed, which account each document belongs to, and whether it is publicly available. According to Cyble, the database contains many records associated with well-known companies.
Bleeping Computer notes that even the titles of the documents themselves already reveal a lot of information about financial statements, mergers and acquisitions, nondisclosure agreements, product releases and so on. Since companies often use Nitro to digitally sign confidential financial, legal and marketing documents, this leak could seriously impact the businesses of affected companies.
Representatives of Nitro told journalists that they are still investigating the incident and so far have no evidence that “confidential or financial data of clients has been compromised.”
As a reminder, the Maze hacking group recently published over 70 GB of data stolen from LG and Xerox.