fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hacker Leaks Full Database Of 77 Million Nitro PDF User Records

Hacker Leaks Full Database Of 77 Million Nitro PDF User Records

A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free.

The 14GB leaked database contains 77,159,696 records with users’ email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information.

The database has also been added to the Have I Been Pwned service which allows users to check if their info has also been compromised in this data breach and leaked on the Internet.

Nitro is an application that helps create, edit, and sign PDFs and digital documents, an app that Nitro Software claims to have over 10,000 business customers and roughly 1.8 million licensed users.

Nitro also provides a cloud service that customers can use to share documents with coworkers or any other organizations involved in the document creation process.

Also Read: Going Beyond DPO Meaning: Ever Heard Of Outsourced DPO?

Nitro PDF user records' contents
Nitro PDF user records’ contents

Nitro’s data breach

The massive Nitro PDF data breach BleepingComputer first reported last year also impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank.

Nitro Software disclosed a “low impact security incident” on October 21, 2020, in an advisory to the Australia Stock Exchange, stating that no customer data was impacted.

However, as BleepingComputer later found, a database containing alleged info on 70 million Nitro PDF user records got auctioned together with 1TB of documents for a starting price set at $80,000.

BleepingComputer was able to determine the stolen database’s authenticity after confirming that known email addresses of Nitro accounts were present in the auctioned database.

Stolen user records leaked for free

Now, a threat actor claiming to be a part of ShinyHunters has leaked the full database for free on a hacker forum — the threat actor has set a price of $3 for access to the download link.

ShinyHunters is a notorious threat actor known for hacking online services and selling stolen information via data breach brokers or in private sales.

Previously, ShinyHunters said they were behind breaches at HomechefWattpadMintedTokopediaDavePromoChatbooksMathway, and many others; the information proved to be true.

Nitro PDF leak
Nitro PDF database leaked for free

As malicious actors can use the leaked user details to launch more credible phishing attacks or for credential stuffing, affected Nitro PDF users are strongly advised to change their passwords to a strong, unique password.

Also Read: Limiting Location Data Exposure: 8 Best Practices

Users should switch to a unique and strong password that they don’t use for any other website or online service.

Using a password manager is also recommended as it helps manage and generate unique and for different sites.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us