A massive data breach suffered by the Australian company Nitro, maker of the popular Nitro PDF service, impacted many well-known organizations, including Microsoft, Google, Apple, Amazon, Chase, and Citibank.
Nitro disclosed the data breach on its web site on On October 21, 2020. The breach advisory classified it as “low impact security incident”. However, Cybersecurity intelligence firm Cyble has shared details hinting at Nitro downplaying the incident. They found a threat actor seeing a 1TB database of documents, and 70 million user records that include email address, bcrypt hashed passwords, full names, IP addresses, company names, and other user data, for $80,000.
From the samples of the database, the document titles alone disclose a great deal of information about financial reports, M&A activities, NDAs, and product releases.
Read more about it here.