Trending Post: Glowforge vs. xTool - Which One is BETTER?
Nitro Pdf Data Breach [top] Jun 2026
California residents whose unencrypted email addresses and passwords were stolen can sue for statutory damages between $100 and $750 per incident, plus injunctive relief. The class-action lawsuit filed in 2021 cited CCPA violations.
On January 21 of the relevant year, a city accounting employee received an email that appeared to come from "Dave Casebolt"—similar to Mayor David Casebolt's name—but originated from a Gmail address rather than the city's official domain. The email read: "I hope you have not become too involved. Kindly copy me copies of 2024 W2 (PDF) of all staff for a quick review."
The breach was not a sophisticated nation-state attack. Instead, it was a classic “low-hanging fruit” exploit:
On October 21, 2020, Nitro Software Inc., an Australian document productivity company, issued a brief advisory to the Australian Stock Exchange. The company disclosed what it characterized as "an isolated security incident involving limited access to a Nitro database by an unauthorised third party." According to Nitro, the affected database supported certain online services and was used for storing information related to the company's free online products. Crucially, the company asserted that no customer documents had been compromised and described the breach as a "low impact security incident." nitro pdf data breach
Following the breach, the stolen data made its way to the dark web. A threat actor began selling the user and document databases, along with 1TB of documents allegedly stolen from Nitro Software's cloud service, in a . The hacker group responsible for the attack was identified as ShinyHunters , a cybercriminal gang notorious for hacking online services and selling stolen information via data breach brokers. Previously, ShinyHunters had been linked to breaches affecting Homechef, Wattpad, Tokopedia, Dave, Chatbooks, and numerous others.
Data associated with some of the world's largest organizations, including Google, Apple, and Microsoft.
Nitro PDF data breach , which occurred in September 2020 , was a major cybersecurity incident that exposed over 77 million user records The email read: "I hope you have not become too involved
What turned the Nitro PDF breach from a standard credential leak into a high-stakes security crisis was the pedigree of Nitro's client roster. Nitro’s software is used by some of the largest organizations in the world.
If you have a Nitro PDF Pro account (especially one created before October 2020),
The 14 GB database dump published by attackers contained a mix of personal and account-level information. While Nitro stated at the time that there was "no evidence that sensitive or financial data" was directly involved in the breach of their primary databases, the stolen information was still extensive. The compromised data includes: Over 70 million unique email addresses. The company disclosed what it characterized as "an
Force employees to use unique, complex passwords for every single platform, ensuring a breach at one vendor does not create a domino effect.
The attackers also accessed approximately 18,000 to 19,000 documents stored on Nitro's cloud servers.
To help me tailor any further security advice, are you checking this for your or on behalf of a business network ? Share public link
Pineapple Paper Co./Charynn Olsheski is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and links to Amazon.com. As part of this Amazon Associates program, the Website will post customized links, provided by Amazon, to track the referrals to their website. This program utilizes cookies to track visits for the purposes of assigning commission on these sales. As an Amazon Associate I earn from qualifying purchases.