Nitro Software Inc., an Australian tech software company that provides document productivity and cloud services to its users and Fortune 500 clients, just got hacked.
Known worldwide as the alternative provider of document productivity products – other than Adobe Acrobat, Nitro became one of the leaders in the PDF industry and digital transformation. It has been consistently providing top-notch document portability software and cloud services to its customers for more than a decade, with its headquarters located in Melbourne, Ireland, and North America.
The data breach has been quite sensational, considering that Nitro Software has some considered Industry Giants.
These corporate partners include Apple, Google, Microsoft, Citibank, J.P. Morgan Chase, among others. Its cloud service is being widely utilized by these tech giants, including employees – to share documents across departments and other organizations. Nitro has more than 600K registered users and 10K business/corporate clients worldwide, with millions of licensed and free users using their free software.
According to a recently released statement by their media relations team, several news releases and published articles from the last 24-48 hours about the incident are considered inconsistent and factually incorrect. Initial reports have been plagued with stories saying that one of their databases have been compromised by the data breach. This database reportedly contains millions of user data and sensitive corporate documents. As of this reading, Nitro Software is firmly claiming that no substantial and established evidence will point to the fact that their database or any user data has been compromised by the hacking incident. Investigations are still very much in progress, and any updates on the incident will be shared on their official website’s security page.
The company has been noted to have tagged the incident as “low impact” – downplaying the hacking incident as a low-level skirmish by a hacker that got limited access to a Nitro database with no pertinent contents or data being compromised.
However, researchers have downplayed this statement, since according to initial reports, the data breach has been proved to be “fruitful.” A few hours after the alleged “low-impact” intrusion, the stolen data package has been posted for sale on the Dark Web. The data package has been made available for an initial bid of US$80,000. The said package contains more than 70 Million user records (IP addresses, user accounts, customer records, passwords, company information, and other user-related data) and possibly corporate/financial documents.
iZOOlogic, several security firms, and security researchers have confirmed the data package’s existence being auctioned on the Dark Web. It is not a surprise that the “data package” was made available on the Dark Market and for quite a hefty starting price to begin with. The seller’s true identity and the legitimacy of this data package’s contents are yet to be revealed. However, iZOOlogic found out that the seller goes by the moniker “ExpertDataSource” on various popular social media chat-app. Sensational and valuable data breaches of this magnitude demand recognition and glory, something a hacker wouldn’t pass on. Needless to say, Nitro will indeed consider upgrading their defenses from now on.