The attackers exfiltrated a user database containing approximately 77 million records. This database included: of registered users. Email addresses used to create accounts.
By early 2021, the entire database was leaked for free on hacker forums, making the information available to a wider range of threat actors.

Impact and Risks
Because Nitro PDF services are widely utilized in corporate environments, the breach did not just impact individual consumers. It compromised data belonging to some of the world's largest organizations, including tech giants, global financial institutions, and government agencies.

Enterprise and Supply Chain Impact
Nitro Software was acquired by PDF solutions provider Foxit in 2024 in a deal valued at approximately $278 million. The acquisition promised to leverage the combined scale of two global PDF technology leaders. It remains unclear whether the security posture of Nitro's systems has been fully reassessed under new ownership.
User IDs, account IDs, and the titles of documents being converted (though not the document content itself).

Impact on Major Organizations

| Field | Description | Cryptographic Protection |
|-------|-------------|--------------------------|
| email | Plaintext email address | None |
| password_hash | Hash of user password | MD5 (no salt, single iteration) |
| full_name | Plaintext name | None |
| user_id | Numeric internal ID | None |
| signup_date | Timestamp | None |
| last_login_ip | IPv4/IPv6 address | None (stored in plain) |
| account_type | Free/Trial/Pro | None |

The breach, which would later be identified as having occurred in September 2020, stemmed from a affecting databases linked to Nitro's free online services. The company maintained that its core desktop software, Nitro Pro, and its analytics product were not involved in the incident. However, this distinction offered little comfort to the tens of millions of users whose information had been exposed.
Today, Nitro Software still operates—it was acquired by a private equity firm in 2021 and continues to sell PDF tools. But for the 77 million users whose data was left exposed on the open internet, the company’s name will forever be linked to one of the most avoidable breaches in SaaS history.
The data is currently circulating publicly. If you have not changed your Nitro password since early 2021, it is unsafe to continue using the same credentials.
A developer’s personal AWS key with mongodb:Read permission was leaked in a public GitHub repo. Attackers used it to mongodump directly.
The 14 GB database dump published by attackers contained a mix of personal and account-level information. While Nitro stated at the time that there was "no evidence that sensitive or financial data" was directly involved in the breach of their primary databases, the stolen information was still extensive. The compromised data includes: Over 70 million unique email addresses.
responded by stating they had "elevated their monitoring and security protocols" and were investigating the incident. However, the delay between the breach (September 2020) and the widespread public realization (January 2021) caused significant concern among users, as reported in Mozilla Monitor.

Risks to Users
Researchers who obtained samples of the leaked hashes found that:
In late 2020, Nitro Software, the company behind the popular Nitro PDF productivity suite, became the victim of a massive cyberattack. This incident quickly escalated into one of the most significant corporate data breaches of the year. It exposed the sensitive data of millions of users and dozens of Fortune 500 companies.
The stands as a pivotal case study in third-party supply chain risk, originating in September 2020 but remaining a major concern for corporate security teams due to the sensitivity of the leaked documents.
, revealing private business negotiations.

The Impact on Corporate Giants