Nitro software data breach: Hackers claim selling customer data

Nitro Software Inc’s data breach may affect industry bigwigs like Apple, Google, and Microsoft.

A well-known document productivity company in Australia, Nitro Software Inc., became the target of a data breach on October 21st. Apparently, the customer data of the company is up for sale on the dark web.

Nitro Software’s services are used by around 1.8 million licensed users and more than 10 thousand business customers. Its application creates, edits, and signs digital and PDF documents. It also offers cloud services through which customers can share documents with other organizations or coworkers.

What’s noteworthy is that several industry giants are Nitro Software customers, including several Fortune 500 companies such as Microsoft, Apple, Citibank Chase, and Google.

According to the advisory issued by Nitro Software to the Australian Stock Exchange, this was a “low impact security incident,” and the unauthorized third party could obtain “limited access to a Nitro database.” Furthermore, the company claims that customer data was not impacted by the incident.

However, according to an analysis by cybersecurity intelligence firm Cyble, the stolen data includes one terabyte of documents created by its customers, in addition to the company’s user databases and other documents.

Moreover, Cyble discovered a threat actor selling the data in a private auction on the dark web, claiming to have stolen it from the company’s cloud service. The data is on sale at a starting price of $80,000.

According to Cyble, the User_Credential database has around 70 million user records, including full names, email addresses, company names, bcrypt-hashed passwords, IP addresses, titles, and system-related data.

Nitro database screenshot (Image: Cyble via Bleeping Computer)

The Document database contains information about the files, such as each file’s title, whether it was signed or created, which account owns it, and whether it is public.

Cyble shared the sample data with Bleeping Computer, which verified the data by confirming that known email IDs of Nitro Software accounts appear in the database. It states that the Nitro Software data breach could be one of the “worst corporate data breaches” in a while.

Interestingly, Nitro Software is downplaying the incident by describing it as a low-impact attack. The company released an official statement that read:

The relevant database supports certain Nitro online services and has been used primarily for the storage of information connected with Nitro’s free online products. The database does not contain user or customer documents.

Nitro’s investigation into the incident remains ongoing. There is no evidence currently that any sensitive or financial data relating to customers has been impacted or that any information has been misused.

Nonetheless, to stay secure, organizations must deploy phishing detection and train employees to detect phishing attacks. They must amplify their defenses for all applications, assets, and data that is available online.

Updated statement from Nitro

Nitro’s representatives have contacted us with an updated statement addressing the issue. According to the company:

Nitro continues to investigate an isolated security incident involving limited access to a Nitro database by an unauthorized third party. The incident database does not contain any user or customer documents, which are hosted in a separate database in a different location.

The incident database is primarily used for service logging purposes related to Nitro’s popular free online document conversion services.

Usage of Nitro’s free document conversion services does not require users to create an account or become a Nitro customer. Users are required to provide an email address – converted files are delivered to the email address provided – and common email domains are frequently entered and will show up in these logs.

For clarity, the email domains in these logs do not constitute Nitro ‘customers’ or ‘accounts’, and the logs do not contain any documents.

There is currently no established evidence that any sensitive or financial data relating to customers has been compromised. There is no impact to Nitro Pro or Nitro Analytics.

Nitro’s environment was fully secured immediately after the incident was identified. While the incident database does not contain sensitive or financial information, and passwords are highly encrypted, we are communicating with customers and have implemented a password reset as a precautionary measure.  

In a statement, Sam Chandler, Nitro founder and CEO, added that:

“Several media articles published in the past 24 hours contain a number of factual inaccuracies regarding this incident. The relevant database does not contain copies of user or customer documents. Documents are stored in a separate database in a different location. There is currently no established evidence that this separate database has been compromised. We are providing updates on the incident on our security page.”
