A Data Breach Has Forced Nitro PDF Customers to Change Passwords
A data breach that could have exposed the e-mail and password combos of thousands of users, located in New Zealand, was reported by security researchers in late November 2020.
The affected entity is Nitro PDF - an Australian company that runs a platform focused on the creation and editing of Portable Document Files using Adobe's now-open format.
Security experts with Cert NZ - the country's computer emergency response team, alerted of a "significant" breach at Nitro PDF. An entity that claims they possess the data stolen from Nitro PDF published over 2.5 million e-mail addresses as well as passwords that were thankfully encrypted. A small portion of around 4000 of those e-mails had .nz domain extensions.
Cert NZ did not take any responsibility for verifying the further claims that even more data from the breach in question had been released publicly.
The userbase of Nitro PDF may seem small, at around 10,000 customers, but those are almost exclusively companies and businesses. Some of the companies that use Nitro PDF's services are huge corporations such as Apple and Google, so the severity of the breach is not comparable to a breach that takes place at a company with 10,000 private home users.
Change of passwords is the only solution
Of course, New Zealand's Cert team advises anyone who has an active Nitro PDF account to immediately change passwords and use a strong, long string as their new password. Additionally, anyone affected should double check and make sure they are not using their Nitro PDF password anywhere else, as that would give bad actors potential access to other accounts and services.
The sad reality of things is that end users can do nothing to safeguard against data breaches and data leaks. The best response in similar situations is to act with haste, immediately change passwords and hope for the best.