21 January 2021

Stolen database of over 77 million Nitro PDF user records leaks online


Stolen database of over 77 million Nitro PDF user records leaks online

A malicious actor claiming to be a part of the ShinyHunters group infamous for hacking online databases and selling stolen information, has shared a full database containing over 77 million Nitro PDF user records on a hacker forum.

The 14 GB archive includes 77,159,696 records with users' email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other info. According to Bleeping Computer, the seller is asking $3 for access to the download link.

A Nitro PDF security breach came to light in October last year, when Nitro Software disclosed a security incident, in which a third party gained a limited access to a Nitro database. At the time, the company described the hack as “a low impact security incident” and said that the stolen database did not contain user or customer documents, however, security researchers found that the stolen data included the company’s user and document databases along with 1 TB in documents created by Nitro’s customers, as well as records related to major companies, such as Amazon, Apple, Citibank, Chase, Google, and Microsoft.

The hackers then put the stolen info on sale in a private auction with the starting price set at $80,000.

The ShinyHunters hackers have been known to advertise on the dark web data allegedly stolen as a result of multiple breaches, including ones that affected Tokopedia, Wattpad, Mathway, and many others.

Back to the list

Latest Posts

Free VPN apps on Google Play turned Android devices into residential proxies

Free VPN apps on Google Play turned Android devices into residential proxies

The threat actor behind this scheme profits by selling access to the residential proxy network to third parties.
28 March 2024
Cyber spies strike Indian government and energy sectors

Cyber spies strike Indian government and energy sectors

The operation involved phishing emails delivering the HackBrowserData info-stealer.
28 March 2024
Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024