A malicious actor claiming to be a part of the ShinyHunters group infamous for hacking online databases and selling stolen information, has shared a full database containing over 77 million Nitro PDF user records on a hacker forum.
The 14 GB archive includes 77,159,696 records with users' email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other info. According to Bleeping Computer, the seller is asking $3 for access to the download link.
A Nitro PDF security breach came to light in October last year, when Nitro Software disclosed a security incident, in which a third party gained a limited access to a Nitro database. At the time, the company described the hack as “a low impact security incident” and said that the stolen database did not contain user or customer documents, however, security researchers found that the stolen data included the company’s user and document databases along with 1 TB in documents created by Nitro’s customers, as well as records related to major companies, such as Amazon, Apple, Citibank, Chase, Google, and Microsoft.
The hackers then put the stolen info on sale in a private auction with the starting price set at $80,000.
The ShinyHunters hackers have been known to advertise on the dark web data allegedly stolen as a result of multiple breaches, including ones that affected Tokopedia, Wattpad, Mathway, and many others.