Now, more than ever, we rely on PDFs for many business and personal uses. Whether you’re filling out a job application, health insurance form, lease, or mortgage application, it’s likely that you’ll be including some sensitive or personally identifiable information, which, in the hands of bad actors, can be misused, sold, or exposed in ways that place you at risk. Therefore, it’s essential for PDFs to remain secure.
Bleeping Computer recently broke the news that Nitro Software, a PDF service, suffered a massive data breach that impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents. As part of its service, Nitro offers a cloud service through which customers can share documents with coworkers or other organizations involved in the document creation process.
In its initial advisory to the Australian Stock Exchange on October 21, Nitro stated that they were affected by a low impact security incident but that no customer data was impacted. But, as Bleeping Computer reports, a threat actor is allegedly selling the compromised user and document databases, as well as 1TB of documents that they claim to have stolen from Nitro Software’s cloud service. For a starting price of $80,000, a ‘user_credential’ database table that holds 70 million user records, including email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data, is being offered at a private auction.
Research from cybersecurity intelligence firm Cyble indicates that approximately 13,772 accounts and 195,547 documents from Amazon, Apple, Citi, Chase, Google, and Microsoft were in the compromised databases. Nitro is commonly used by businesses to sign sensitive financial, legal, and business documents digitally, so this breach has the potential to leak information that would significantly impact these major companies.
This is a prime example of how cloud security encompasses much more than just the employees and resources in your organization. It encompasses all the third-party tools that have access to your cloud environment. Concerned about the security of your cloud? Read more about how DivvyCloud by Rapid7 keeps your cloud out of the news.
DivvyCloud by Rapid7 protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges. With automated, real-time remediation, DivvyCloud by Rapid7 customers achieve continuous security and compliance, and can fully realize the benefits of cloud and container technology.