77 million PDF user records published online

Edward Kost
Edward Kost
January 20, 2021

Nitro, a PDF creation and editing solution has had 77 million of its records breached and published onto a hacker forum. 

ShinyHunters is the hacker group responsible for the attack. This cybergang has made a reputation for selling breached data on hacker forums. 

The breach occurred in September 2020. Nitro announced the breach in its official statement, assuring everyone that it was a minor incident.  

“[Nitro] advises of an isolated security incident involving limited access to a Nitro database by an unauthorised third party” Nitro said in their statement.

But this “low impact security incident” developed into anything but that. 

Bleeping Computer discovered a data dump on a hacker forum comprising 70 million records. It was for sale at a starting price of $80,000.

Now, a threat actor claiming to be affiliated with ShinyHunters, has reposted an updated list of the breached data, this time giving it away for free.

nitro pdf data dump on hacker forum
Dumped Nitro PDF data on hacker forum - source: bleepingcomputer.com

The total number of records have risen to over 77 million. The 14 GB of breached data include the following sensitive information:

  • User IDs
  • First names
  • Last names
  • Account IDs
  • Addresses
  • Zip codes
  • City, State and Country details
  • Phone numbers
  • Email addresses

This data breach was significant enough to be recorded in the Have I been Pwned list of compromised businesses.

Nitro data breach
Source: haveibeenpwned.com

Nitro has a client base of over 10,000 businesses, so this single breach impacted the businesses using the software - that’s the insidious nature of third-party vendor breaches.

Some of the impacted businesses included Microsoft Google and Apple. 

The Nitro software is used for more than just simple PDF editing, businesses commonly use the solution to sign highly sensitive legal and financial documents. If such delicate information falls into the wrong hands, the negative impact to affected businesses will be significantly higher.

This incident occurred on the same day ShinyHunters breached 2.28 million dating app user records, making them freely available for download on a hacker forum.

How secure is Nitro?

Nitro integrates PDF productivity, eSignatures and Business Intelligence (BI) tools to customers through a horizontal, SaaS and desktop-based software suite.
  • Check icon
    View our free preliminary report on Nitro’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating