Gianni Posted January 19, 2021 Report Posted January 19, 2021 Today I got the following email: In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com. Is it true and what does nitro recommend to do? Hans
Official Nitronaut Allain Umailin Posted January 19, 2021 Official Nitronaut Report Posted January 19, 2021 Hello @Gianni, Thank you for reaching out to us through our Community Forums and our sincere apologies for this inconvenience. I have forwarded your question to Incident@gonitro.com Our Incident response team will reply to your inquiry. Thank you and stay safe always!
Gianni Posted January 29, 2021 Author Report Posted January 29, 2021 293 / 5000 Except for the cheap excuse, I haven't heard from nitro. I think it's a shame how nitro treats its customers. I don't want to have anything to do with nitro anymore and am looking for another pdf program. What kind of software is there that can do about the same as nitro?
Official Nitronaut Allain Umailin Posted February 10, 2021 Official Nitronaut Report Posted February 10, 2021 Hello @Gianni, Thank you for this response and our sincere apologies for this inconvenience. In September 2020, Nitro experienced an isolated security incident involving limited access to Nitro databases by an unauthorized third party. The impacted databases are specific to online services and have been used primarily for the storage of information connected with Nitro’s free online products. There was no impact to Nitro Pro (PDF) or Nitro Analytics. Exposed user data included user email addresses, full names, and highly secure hashed and salted passwords. Nitro's free online conversion service does not require users to create a Nitro account or to become a Nitro customer. Users are simply required to provide an email address to which converted files are delivered. Users of our free online conversion service may have had their user information stored in an impacted database, but do not have a Nitro account. Upon learning of this incident, Nitro conducted a forced password reset for all users to further secure customer accounts. Since the incident, Nitro has been working closely with external cybersecurity experts to bolster the security of all systems, including enhanced logging, detection and alerting services in all regions, as well as increased data monitoring and re-evaluation of all protocols. The IT environment remains secure and Nitro has not seen any malicious activity in our systems since the incident. For additional details, please go to our Security Page https://www.gonitro.com/nps/security/updates#security-incident-update I have already forwarded your questions to Incident@gonitro.com. Our Incident response team will reply to your inquiry but, given the volume of inquiries, responses might be delayed. Thank you for your patience and kind understanding.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now