Everyone is at risk of being targeted by cybercriminals. Whether it happens via a text containing a malicious download link or an email linking to a fake site built to steal your information, malicious players on the web are always looking for new victims.
There have been a couple of data leaks from recent hacks over the last few weeks. One of the issues stemmed from a Pixlr hack, which ended in a leak of 1.4 million user records.
While frustrating, these leaks are also pretty dangerous for those whose information is made available on the web. And now there’s another data leak to contend with. This leak contains personal information from more than 77 million people, and there’s a chance your information is exposed. Here’s what you need to know.
Here’s the backstory
A new leak of stolen Nitro PDF service records is putting millions of users’ information at risk. This leak was discovered this week and involves more than 77 million user records containing email addresses, full names, bcrypt-hashed passwords, titles, company names, IP addresses and other system-related information.
It appears this leak is related to the “low impact security incident” reported by Nitro on Oct. 21, 2020. The company initially stated that no customer data was impacted during that incident. However, BleepingComputer later found a database on a hacker site containing 70 million Nitro PDF user records.
The hacked records, which were initially auctioned together with 1TB of documents, had a starting price set at $80,000. This time, however, the price is much lower.
ShinyHunters, the hacking group claiming responsibility for this leak, offers a set price of $3 for access to the download link. ShinyHunters has been responsible for several other data leaks, including one that exposed 400 million stolen records on the Dark Web.
Why does it matter to you?
Not only are over 70 million Nitro users at risk of having their information accessed by cybercriminals, but so are several companies. Nitro is used by millions to create, edit and sign PDFs and digital documents, and large tech companies like Google, Apple, Microsoft, Chase and Citibank are among its business users.
This massive leak could lead to huge problems for the users whose information is now easily and cheaply accessible on the web. Cybercriminals can use the leaked details for malicious reasons, including identity theft, credible phishing attacks or credential stuffing. This puts you at serious risk of being targeted with a digital crime.
What can you do about it?
If you think your information may be part of the leak, you should:
- Check a database for signs of your info. Run your email address through a site like HaveIBeenPwned, which checks your personal info against the leak information contained in its database. The information from this leak has already been added to HaveIBeenPwned, so it’s a good place to start.
- Change your passwords. And not just your Nitro PDF account password. Any account passwords, especially ones that are similar to your Nitro PDF password, should be changed to strong, unique passwords. Do not repeat the password across accounts.
- Use 2FA. You may also want to use two-factor authentication to make it more difficult for hackers or cybercriminals to access your accounts. This two-step verification process adds another layer of protection to your accounts, which is necessary in cases like these.
With over 77 million easily accessible records available for download by cybercriminals, you need to take precautions to protect your information. If you’ve used Nitro PDF in the past, there’s a chance your information has been exposed. Check with a site like HaveIBeenPwned and take steps to secure your accounts. Otherwise, you could end up the victim of a cybercrime.