Millions of Nitro PDF users' passwords exposed in leaked database
It is a few months since Nitro PDF was hit by hackers in a huge data breach. While the stolen data was initially put up for sale, now it has been made available free of charge.
What this means is that a database containing over 77 million user records is now freely available for just about anyone to download. The database weighs in at around 14GB and includes not only names and email addresses, but also passwords.
SEE ALSO:
- FreakOut malware targets Linux users by exploiting multiple vulnerabilities
- Weird Windows 10 bug causes BSoD if you visit a certain path using Chrome
- Serious Windows 10 flaw could corrupt your hard drive if you open a folder
The good news is that the passwords that have been exposed are bcrypt hashed, but the amount of information that has been made available is still alarming nonetheless. Names, IP addresses, email addresses and more are enough for an attacker to execute a phishing campaign or start researching other personal information.
In light of the leak, data breach service Have I Been Pwned is now warning users if their passwords have been compromised. The listing on the site says:
Nitro
In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.
Breach date: 28 September 2020
Date added to HIBP: 19 January 2021
Compromised accounts: 77,159,696
Compromised data: Email addresses, Names, Passwords
As noted by Bleeping Computer, the database was initially leaked by threat actor ShinyHunters who charged a nominal fee for access to a download link, but the database is now available elsewhere online for free.
Image credit: WhataWin / Shutterstock