Delicate info referring to 1000’s of customers of the Nitro PDF reader has been leaked on-line. Again in October, Nitro admitted to what it described as a “low impression safety incident” however claimed that no buyer information was impacted. This now seems to have been false.
A risk actor claiming to be a part of the ShinyHunters hacking group has leaked a 14 GB database containing 77,159,696 Nitro data with customers’ e mail addresses, full names, bcrypt hashed passwords, firm names, IP addresses, and different system-related info.
The truth is, it’s been clear for a couple of months now th at buyer info was prone to have been affected by final October’s information breach. A database containing info referring to 70 million Nitro PDF consumer data, together with 1TB of paperwork, was auctioned shortly after the breach got here to gentle for $80,000.
The going charge
The hacker claiming to be a part of ShinyHunters is now providing the Nitro database for obtain on a widely known hacking discussion board, asking simply $3 for entry. The data might be utilized by malicious actors to hold out follow-up assaults, together with phishing campaigns or credential stuffing makes an attempt.
The ShinyHunters group gained notoriety final yr after it claimed duty for a number of big hacks and made the stolen credentials accessible on-line. The hackers even have kind relating to gifting away data without cost, doing so in July final yr simply days after promoting the identical info for 1000’s of {dollars}.
If any Nitro customers suspect that their particulars could have been compromised by the ShinyHunters hack, they’re suggested to alter their password instantly. And, after all, if these credentials are shared with different companies, they too must be modified.
Through Bleeping Computer
