Jump to content

Nitro Data Breach


Kollman
 Share

Recommended Posts

Hi, 

A notification just came up for me today through my LastPass Password manager indicating my Email, Password and Name has appeared on the ominous Dark Web. 

Kind of disappointed I had to google for the news articles on the issue and search this forum to find the IT-Security Teams position on the breach analysis. Does not strike me as a timely, transparent and proactive user communication approach to a data breach.

Glad is is minor, would Nitro be implementing Second factor sign on?

Cheers

Kim Kollman 

 

 

Link to comment
Share on other sites

  • Official Nitronaut
Allain Umailin

Hello @Kollman,

Thank you for reaching out to us through our Community Forums!

In September 2020, Nitro experienced an isolated security incident involving limited access to Nitro databases by an unauthorized third party. The impacted databases are specific to online services and have been used primarily for the storage of information connected with Nitro’s free online products. There was no impact to Nitro Pro (PDF) or Nitro Analytics.

Exposed user data included user email addresses, full names, and highly secure hashed and salted passwords. 

Nitro's free online conversion service does not require users to create a Nitro account or to become a Nitro customer. Users are simply required to provide an email address to which converted files are delivered. Users of our free online conversion service may have had their user information stored in an impacted database, but do not have a Nitro account. 

Upon learning of this incident, Nitro conducted a forced password reset for all users to further secure customer accounts.  Since the incident, Nitro has been working closely with external cybersecurity experts to bolster the security of all systems, including enhanced logging, detection and alerting services in all regions, as well as increased data monitoring and re-evaluation of all protocols. The IT environment remains secure and Nitro has not seen any malicious activity in our systems since the incident.

For additional details, please go to our Security Page  https://www.gonitro.com/nps/security/updates#security-incident-update and with regard to Nitro if we will implement a second factor sign-on, we encourage you to send a direct email to incident@gonitro.com

Our sincere apologies again and I hope this helps

Link to comment
Share on other sites

Are you saying the September 2020 breach is still affecting us?  I too have had two of these dark web alerts on my ID protection services since January  2021. 

How can I prevent this?

Link to comment
Share on other sites

  • Official Nitronaut
Allain Umailin

Hello @MJBBooks,

Thank you for reaching out to us through our Community Forums!

After the September incident and the actions our Security Team has undertaken, this should no longer be affecting users of Nitro free online conversion service.

Could you please provide more details about your ID protection that alert you about this?

Thank you very much in advance and I am looking forward to hearing back from you.

Link to comment
Share on other sites

Geoff Conway

I have had a similar experience - first received an alert from LastPass on 8th February 21 indicating a security breach of my email address/password at gonitro.com which I subsequently discovered occurred in September 2020 by reading this forum.

Prior to that monitoring alert I had already attempted to login to gonitro.com on 23 January 21 which had failed - so had reset its password then to regain access. That went fine.

What I initially didn't do though was clear the gonitro.com alert in the Security Dashboard in LastPass - so subsequently received a second alert on 13th February (which I didn't notice) and a third (and hopefully final) alert earlier today which I did see.

I realized earlier that the way to clear the alerts is to close each alert window by clicking the top right hand X and then dismissing each pop-up alert (which suggest you should change the password first as LastPass hasn't seen a gonitro.com password change since the alert first occurred on 8th February) which dismissal then clears that alert.

As I had already changed the gonitro.com password by the time I received the first alert, LastPass didn't link the earlier password reset for gonitro.,com with its first alert  which might otherwise have been cleared automatically by my changing the gonitro.com password. As this was out of sequence that didn't happen.

With the 3 alert windows now closed that should be the end of it.

Geoff

Edited by Geoff Conway
Link to comment
Share on other sites

  • 5 months later...
MJBBooks
LOGIN CREDENTIALS COMPROMISED  
Date Found:
2/16/2021
Description:
Your login credentials were found on the Dark Web
Monitored Username:
***************keeping.com
Data Breach:
gonitro.com
Category:
Software
Breach Date:
Unknown
Breach Contents:
Emails, Passwords, Names
Password Type:
Unknown
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.