Urgent Security Warning – Nitro PDF

CERT NZ have issued a warning about Nitro PDF. It’s a common PDF tool that users log into to share documents.

Unfortunately, there are reports that hackers have breached the Nitro PDF database.

We’re being told that “Nitro PDF, a PDF enterprise document creation and sharing web application, has experienced a significant data breach. A person claiming to be in possession of this data has published 2.6 million email addresses and hashed passwords, including over 4,000 .nz email addresses. CERT NZ understands there has been further data released in this breach, the details are not yet confirmed. CERT NZ cannot verify the authenticity of this data.”

You can read the full report here: Nitro PDF users’ email addresses and hashed passwords leaked | CERT NZ

Interestingly, when I looked on the Nitro PDF website, I could find no reference to this event.

We know a few clients have Nitro PDF in use. It tends to be something people install informally, so we don’t always know everyone who has it. For clients on KARE, we are able to identify machines, and where we see it in use we will be in touch to work with you.

We note that CERT NZ recommend a password manager like KARE Password Vault.