Expert Commentary: Massive Nitro Data Breach Impacts Microsoft, Google, Apple, More

A massive data breach suffered by the Nitro PDF service has impacted many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents. On October 21, Nitro Software issued an advisory to the Australia Stock Exchange, stating that they were affected by a “low impact security incident” but that no customer data was impacted.

Cybersecurity intelligence firm Cyble has revealed that a threat actor is selling the user and document databases, as well as 1TB of documents, that they claim to have stolen from Nitro Software’s cloud service. Cyble states that the ‘user_credential’ database table contains 70 million user records containing email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.

Jayant Shukla, CTO and Co-Founder,  K2 Cyber Security
October 27, 2020
Organizations need to make sure they vet the security of the many partners and third-party organizations that they depend on.
While we don’t know how the data breach involving the Nitro PDF service may have come about, it’s likely from phishing campaigns and stolen credentials, or from exploiting vulnerabilities in applications, as these are the two most common sources of breaches. To protect themselves, organizations need to make sure that not only are they using phishing detection and training employees to recogn ....
Josh Bohls, Founder,  Inkscreen
October 27, 2020
The big warning that should not be overlooked is that Nitro is a publicly-traded company with a highly reputable service.
The Nitro PDF data breach could be one of the biggest corporate disclosures since the so-called "Panama Papers" breach in 2016 (https://www.theguardian.com/news/2016/apr/03/what-you-need-to-know-about-the-panama-papers). If the reports are true, this is the kind of data leak that could be dripping for many months, and cause extreme embarrassment, legal action, and major ripples across the global e ....
Pravin Rasiah, VP of Product,  CloudSphere
October 27, 2020
Complete visibility into the cloud environment combined with proper cloud governance is critical to preventing data breaches.
Companies entrusted with customer information have a responsibility to ensure their data stays secure and out of the hands of cybercriminals, who can use this exposed information to launch targeted attacks and gain access to other user accounts and resources. Without awareness or proactive action to maintain cloud security policies, it's more likely that malicious actors will target and exploit th ....
[Read More >>]

