A group of cyber criminals is reportedly auctioning a massive repository of 1TB worth of documents that it claims to have stolen from the popular Nitro PDF service after hacking into the company’s cloud service.
Cyble, a cyber risk intelligence firm that runs the breach reporting service AmIBreached[.]com, recently told Bleeping Computer that cyber criminals have put up a massive repository for sale in a private auction that contains up to 1TB of PDF documents as well as around 70 million user records such as names, email addresses, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related data.
The hackers, who put up the massive repository for sale, claim to have stolen the data from Nitro Software’s cloud service. The data is particularly sensitive as Nitro, whose Nitro PDF service lets users create, modify, and sign PDF documents, serves over ten thousand businesses, and boasts over 1.8 million licensed users worldwide.
According to Cyble, a number of the world’s largest technology companies use Nitro’s services to create and maintain PDF documents such as product releases, non-disclosure agreements, contracts, and M&A activities. The firm found that the breached repository contains over 17,000 documents belonging to Amazon, over 6,000 belonging to Apple, around 137,000 belonging to Citi, over 32,000 belonging to Google, and 2,390 PDF documents belonging to Microsoft.
A large number of documents that are part of the breached repository contain a large number of user records such as the names, email addresses, bcrypt hashed passwords, titles, company names, and IP addresses. Each document also contains information such as its title, whether it is public, whether it is signed or created, and what account is associated with the document.
Nitro says it suffered a security incident but no user data was compromised
Cyble’s discovery took place not long after Nitro disclosed in an advisory to the Australia Stock Exchange that it suffered an isolated security incident that involved an unauthorised party gaining limited access to a Nitro database.
“The relevant database supports certain Nitro online services and has been used primarily for the storage of information connected with Nitro’s free online products. The database does not contain user or customer documents,” the company said.
“There is no evidence currently that any sensitive or financial data relating to customers have been impacted or that any information has been misused. Nitro has elevated its monitoring and security protocols and has not identified any further malicious activity connected to this incident,” it added. It is not known if the data being auctioned online is connected with the security incident disclosed by the PDF service.
Commenting on hackers obtaining tens of thousands of corporate PDF documents and user data and selling them to the highest bidder, Pravin Rasiah, VP of Product at CloudSphere, told TEISS that if companies lack awareness about cloud security policies or are not proactive in enforcing such policies, it’s more likely that malicious actors will target and exploit the system to compromise sensitive information.
“Complete visibility into the cloud environment combined with proper cloud governance is critical to preventing data breaches and protecting customer data. Businesses should invest in a comprehensive set of security tools that monitor and control security status in real-time, minimising the potential attack surface and providing holistic observability into the cloud environment,” he added.