Nitro PDF’s client roster includes thousands of enterprise users. Because Nitro Sign and Nitro Cloud allow users to share documents outside their own corporate networks, the impact spread far beyond the company’s direct customer base. Nitro Data Breach - Have I Been Pwned
If you used Nitro PDF or Nitro Cloud prior to October 2020, you should assume your data was compromised. You can verify this using the following steps:
Cybersecurity researchers soon discovered the stolen database being auctioned on the dark web, with a starting price of around $80,000 for the full 600GB set of data. nitro pdf data breach
Visit services like Have I Been Pwned to see if your data was part of the dump.
(secured, but still vulnerable to cracking) Document Titles from converted or shared files Company Names and IP Addresses Nitro PDF’s client roster includes thousands of enterprise
The Nitro PDF Data Breach: A Comprehensive Post-Mortem Analysis
Following the breach, the stolen data made its way to the dark web. A threat actor began selling the user and document databases, along with 1TB of documents allegedly stolen from Nitro Software's cloud service, in a . The hacker group responsible for the attack was identified as ShinyHunters , a cybercriminal gang notorious for hacking online services and selling stolen information via data breach brokers. Previously, ShinyHunters had been linked to breaches affecting Homechef, Wattpad, Tokopedia, Dave, Chatbooks, and numerous others. You can verify this using the following steps:
The Nitro PDF Data Breach: A Detailed Breakdown of the 70 Million+ Record Incident
Nitro PDF has acknowledged the breach and is taking steps to respond to the incident. According to their statement, the company is:
The problem: without logs, no evidence did not mean no breach . Security experts immediately criticized the response as insufficient. Nitro did force password resets for all users, nor did it initially disclose the scale of the incident.