The breach, which would later be identified as having occurred in September 2020, stemmed from a affecting databases linked to Nitro's free online services. The company maintained that its core desktop software, Nitro Pro, and its analytics product were not involved in the incident. However, this distinction offered little comfort to the tens of millions of users whose information had been exposed.
Under GDPR, companies must report breaches within 72 hours and can be fined up to €20 million or 4% of global annual turnover. Nitro notified users weeks after discovery, which could attract scrutiny from the Irish Data Protection Commission or other EU supervisory authorities.
when an unauthorized third party accessed a company database
The breach was not a sophisticated nation-state attack. Instead, it was a classic “low-hanging fruit” exploit: nitro pdf data breach
Full names, email addresses, bcrypt-hashed passwords, company names, and IP addresses.
(secured, but still vulnerable to cracking) Document Titles from converted or shared files Company Names and IP Addresses
: If you use the same password for other accounts, change it immediately. Always use unique, strong passwords for every service. The breach, which would later be identified as
(City, State, Zip, Country) and Phone Numbers
The breach impacted users of Nitro’s free online conversion tools and account holders. The leaked information included: Personal Details: Full names, email addresses, and company names. Security Data: Bcrypt hashed and salted passwords and IP addresses. System Info:
Data breaches rarely end with the initial theft. Cybercriminals quickly weaponized the Nitro PDF database for secondary attacks. Credential Stuffing Under GDPR, companies must report breaches within 72
Here is a comprehensive breakdown of the Nitro PDF data breach, its aftermath, and the critical security lessons businesses must learn from it. 1. What Happened?
The breach resulted in the exposure of two main categories of data: user account information and the content of documents.