Nitro hack has led to data leakage of such clients as Google, Apple, Microsoft, Citibank and others

Nitro clients data leakage
Written by Emma Davis

Nitro, the developer of the well-known PDF tool, suffered from data leakage of clients, which include quite large and well-known companies.

The scale of the problem is easy to gauge by looking at the official statistics: over 10,000 business customers and 1,800,000 users worldwide use Nitro to create, edit, and sign PDFs and digital documents.

In addition, Nitro provides users with a cloud service for sharing documents with colleagues or other organizations. Thus, due to the incident, suffered not only ordinary people, but also such giants as Google, Apple, Microsoft, Chase and Citibank.

Bleeping Computer reports that on October 21, 2020, Nitro Software notified the Australian Stock Exchange of the incident.

The company was affected by an incident that did not have a major impact [on the company] and no customer data was affected.said in the official Nitro statement.

However, specialists from the cyber security company Cyble told reporters that the incident was much more serious, and hackers are already selling at a private auction user databases and databases with documents stolen from the company, as well as more than 1 TB of various documents. The starting price for this data starts at $ 80,000.

The user_credential database table contains over 70,000,000 entries, including email addresses, full names, bcrypt hashed passwords, job titles, company names, IP addresses, and much more.say Cyble experts.

Bleeping Computer journalists write that they were able to verify the authenticity of the data through the known email addresses of the Nitro accounts, which were present in the database. However, there is no evidence that this information was stolen by attackers as a result of this particular attack.

Nitro clients data leakage
In turn, the document database contains the names of files, information about when they were created, signed, which account the document belongs to and whether it is publicly available. According to Cyble, the database contains many records associated with well-known companies.

Bleeping Computer notes that even the titles of the documents themselves already reveal a lot of information about financial statements, mergers and acquisitions, nondisclosure agreements, product releases and so on. Since companies often use Nitro to digitally sign confidential financial, legal and marketing documents, this leak could seriously impact the businesses of affected companies.

Nitro clients data leakage
Representatives of Nitro told journalists that they are still investigating the incident and so far have no evidence that “confidential or financial data of clients has been compromised.”

As a reminder, recently hack group Maze has published over 70 GB of data stolen from LG and Xerox.

User Review
5 (1 vote)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply