
Nitro Data Breach and Server upgrade


K.K. Sips


Hi there,

Given the upcoming server-upgrade I am thinking of upgrading my NitroPro 12 to 13. First and foremost: I simply love using Nitro, I am doing so day in, day out in my professional work (finance/fiscal).

However, I am really worried about last year's data breach. Not so much for the credentials (anything Nitro-related I had immediately changed) ... but for the possibility that user documents could have been stolen, too. At bleepingcomputer[dot]com they keep on talking about a data dump of 1TB containing user documents, on top of the 77 million user data (credentials+) breach. "......as BleepingComputer later found, a database containing alleged info on 70 million Nitro PDF user records got auctioned together with 1TB of documents for a starting price set at $80,000."

It would really make me sick to my stomach if my clients' sensitive financial information would become at risk, once I would start using the NitroSign options on v13 after the upgrade. (Currently I am using SignNow as a service.)

Is there any truth to the "1Tb documents" story (it clearly isn't going away) or is this merely scaremongering by bleepingcomputer[dot]com? I truly hope it is the latter.

Thanks in advance!


  • Official Nitronaut
Allain Umailin

Hello @K.K. Sips,

Thank you for reaching out to us through our Community Forums and our sincere apologies for the inconvenience this has caused you.

In September 2020, Nitro experienced an isolated security incident involving limited access to Nitro databases by an unauthorized third party. The impacted databases are specific to online services and have been used primarily for the storage of information connected with Nitro’s free online products. There was no impact to Nitro Pro (PDF) or Nitro Analytics.

Exposed user data included user email addresses, full names, and highly secure hashed and salted passwords. 

Nitro's free online conversion service does not require users to create a Nitro account or to become a Nitro customer. Users are simply required to provide an email address to which converted files are delivered. Users of our free online conversion service may have had their user information stored in an impacted database, but do not have a Nitro account. 

Upon learning of this incident, Nitro conducted a forced password reset for all users to further secure customer accounts.  Since the incident, Nitro has been working closely with external cybersecurity experts to bolster the security of all systems, including enhanced logging, detection and alerting services in all regions, as well as increased data monitoring and re-evaluation of all protocols. The IT environment remains secure and Nitro has not seen any malicious activity in our systems since the incident.

For additional details, please go to our Security Page: https://www.gonitro.com/nps/security/updates#security-incident-update

With regard to your inquiry, feel free to send a direct email to our Incident Response Team through incident@gonitro.com 

Our sincere apologies for this inconvenience and stay safe always!
