21 January 2021

Stolen database of over 77 million Nitro PDF user records leaks online


Stolen database of over 77 million Nitro PDF user records leaks online

A malicious actor claiming to be a part of the ShinyHunters group infamous for hacking online databases and selling stolen information, has shared a full database containing over 77 million Nitro PDF user records on a hacker forum.

The 14 GB archive includes 77,159,696 records with users' email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other info. According to Bleeping Computer, the seller is asking $3 for access to the download link.

A Nitro PDF security breach came to light in October last year, when Nitro Software disclosed a security incident, in which a third party gained a limited access to a Nitro database. At the time, the company described the hack as “a low impact security incident” and said that the stolen database did not contain user or customer documents, however, security researchers found that the stolen data included the company’s user and document databases along with 1 TB in documents created by Nitro’s customers, as well as records related to major companies, such as Amazon, Apple, Citibank, Chase, Google, and Microsoft.

The hackers then put the stolen info on sale in a private auction with the starting price set at $80,000.

The ShinyHunters hackers have been known to advertise on the dark web data allegedly stolen as a result of multiple breaches, including ones that affected Tokopedia, Wattpad, Mathway, and many others.

Back to the list

Latest Posts

Vulnerability summary for the week: March 5, 2021

Vulnerability summary for the week: March 5, 2021

A weekly vulnerability digest.
5 March 2021
Microsoft shares details on three new malware strains used in SolarWinds hack

Microsoft shares details on three new malware strains used in SolarWinds hack

GoldMax, Sibot and GoldFinder were used by attackers to achieve persistence on the infected machines and perform actions post-compromise.
5 March 2021
Four notorious cybercrime forums hacked

Four notorious cybercrime forums hacked

The list of hacked crime forums includes Maza, Verified, Crdclub and Exploit.
5 March 2021