Nitro Pdf Data Breach !!link!! Jun 2026

Nitro's client list includes over 10,000 businesses and claims roughly 1.8 million licensed users. This breach was so significant that it affected some of the biggest names in the global economy.

Following the breach, the stolen data made its way to the dark web. A threat actor began selling the user and document databases, along with 1TB of documents allegedly stolen from Nitro Software's cloud service, in a . The hacker group responsible for the attack was identified as ShinyHunters , a cybercriminal gang notorious for hacking online services and selling stolen information via data breach brokers. Previously, ShinyHunters had been linked to breaches affecting Homechef, Wattpad, Tokopedia, Dave, Chatbooks, and numerous others.

This public link is valid for 7 days and shares a thread, including any personal information you added. This link or copies made by others cannot be deleted. If you share with third parties, their policies apply. Can’t copy the link right now. Try again later.

Under GDPR, companies must report breaches within 72 hours and can be fined up to €20 million or 4% of global annual turnover. Nitro notified users weeks after discovery, which could attract scrutiny from the Irish Data Protection Commission or other EU supervisory authorities. nitro pdf data breach

Nitro reset passwords in 2020, but if you haven’t logged in since, your account may still be vulnerable. Go to and change your password to a new, unique, strong password (16+ characters, using a password manager).

If you used Nitro PDF or Nitro Cloud prior to October 2020, you should assume your data was compromised. You can verify this using the following steps:

In a separate but equally troubling incident, the —a small municipality sharing only a name with the software company—fell victim to a data breach of its own. Unlike the technical misconfiguration that afflicted Nitro Software, this breach resulted from a simple and all‑too‑common human error: a successful phishing attack. Nitro's client list includes over 10,000 businesses and

Cybersecurity researchers spotted the stolen database—weighing roughly 14 gigabytes—being auctioned on dark web forums with a starting bid of $80,000 , bundled alongside alleged document titles.

Be highly skeptical of unexpected emails asking you to click links, download attachments, or provide sensitive personal information. Conclusion

| | What They Did Wrong | |-------------------------|-------------------------| | Secured database within 24 hours of disclosure | Did not immediately notify users upon discovery | | Used bcrypt hashing for passwords | Legacy database was exposed for an unknown period (possibly weeks) | | Forced password resets for all users | Initial disclosure was via third-party researchers, not proactive | | Published a security advisory | No public breach portal for users to check individual status | A threat actor began selling the user and

| | Event | | --- | --- | | September 2020 | Nitro PDF database is initially compromised by a third party. | | October 21, 2020 | Nitro Software publicly acknowledges a "low-impact security incident" to the Australian Stock Exchange, insisting that no customer data was impacted. | | Late October 2020 | BleepingComputer reports that a database containing 70 million user records and 1TB of documents is being auctioned on the dark web for $80,000. | | November 20, 2020 | A person claiming to have the data publishes 2.6 million email addresses and hashed passwords, including over 4,000 '.nz' addresses. | | January 20, 2021 | A hacker affiliated with the "ShinyHunters" group leaks a 14GB database containing over 77 million user records on a hacker forum, making it freely available to anyone willing to pay a nominal $3 fee for access. | | January 19, 2021 | The breach is officially added to the Mozilla Monitor breach database. |

Sensitive document metadata revealing M&A activities, NDAs, and financial data.

The occurred in September 2020 , compromising the data of over 77 million users and exposing corporate details of major tech giants. The attack, orchestrated by the notorious cybercriminal group ShinyHunters , initially targeted an isolated database used for Nitro’s cloud-based logging services.