77 million user records leaked in hack of PDF software – Was your info exposed?

January 21, 2021

By Kim Komando

Everyone is at risk of being targeted by cybercriminals. Whether it happens via a text containing a malicious download link or an email with a URL to a dummy site to steal your information, the malicious players on the web are always looking for new victims.

There have been a couple of data leaks from recent hacks over the last few weeks. One of the issues stemmed from a Pixlr hack, which ended in a leak of 1.4 million user records.

While frustrating, these leaks are also pretty dangerous for those whose information is made available on the web. And now there’s another data leak to contend with. This leak contains personal information from more than 77 million people, and there’s a chance your information is exposed. Here’s what you need to know.

Here’s the backstory

A new leak of stolen Nitro PDF service records is putting millions of users’ information at risk. This leak was discovered this week and involves more than 77 million user records containing information on email addresses, full names, hashed passwords, titles, company names, IP addresses and other system-related information.

It appears this leak is related to the “low impact security incident” reported by Nitro on Oct. 21, 2020. The company initially stated that no customer data was impacted during that incident. However, BleepingComputer later found a database on a hacker site containing 70 million Nitro PDF user records.

The hacked records, which were initially auctioned together with 1TB of documents, had a starting price set at $80,000. This time, however, the price is much lower.

ShinyHunters, the hacking group claiming responsibility for this leak, offers a set price of $3 for access to the download link. ShinyHunters has been responsible for several other data leaks, including one that exposed 400 million stolen records on the Dark Web.

Why does it matter to you?

Not only are over 70 million Nitro users at risk of having their information accessed by cybercriminals, but so are several companies. Nitro is used by millions to create, edit and sign PDFs and digital documents, and large tech companies like Google, Apple, Microsoft, Chase and Citibank are among their business users.

This massive leak could lead to huge problems for the users whose information is now easily and cheaply accessible on the web. Cybercriminals can use the leaked details for malicious reasons, including identity theft, credible phishing attacks or credential stuffing. This puts you at serious risk of being targeted with a digital crime.

What can you do about it?

If you think your information may be part of the leak, you should:

Bottom line

With over 77 million easily accessible records available for download by cybercriminals, you need to take precautions to protect your information. If you’ve used Nitro PDF in the past, there’s a chance your information has been exposed. Check with a site like HaveIBeenPwned and take steps to secure your accounts. Otherwise, you could end up the victim of a cybercrime.

https://www.komando.com/tips/cybersecurity/nitro-pdf-data-leak/