77 million! Massive breach of Nitro PDF user database

The stolen database containing over 77 million Nitro PDF user records (email addresses, usernames and passwords) was leaked publicly for free by hackers yesterday.

The 14GB leaked database released by the hackers contained 77,159,696 records containing users’ email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information.

The database has been added to the “Have I Been Pwned” leak detection service, which enables users to check if their information has been exposed in a data breach.

Nitro, an app that helps create, edit and sign PDFs and digital documents, claims to have more than 10,000 business customers and around 1.8 million licensed users.

Nitro also offers a cloud service where customers can share documents with colleagues or any other organization.

This isn’t Nitro’s first serious data breach, with Nitro PDF’s first large-scale data breach last year, affecting companies including Google, Apple, Microsoft, Chase and Citibank.

While Nitro Software disclosed the “low impact security incident” in an ASX announcement on 21 October 2020, stating that no customer data was affected. However, in that data breach, a database containing allegedly information about 70 million Nitro PDF user records was auctioned along with 1TB of documents, with a starting price set at $80,000, according to BleepingComputer.