Nitro PDF Breach: From paid breach to a free dump breach

January 21, 2021
nitro pdf data breach free dump dark web forum

It has been a while since we heard the news about the Nitro PDF breach again. Yesterday, numerous media sites concerned on cybersecurity highlighted that the Nitro PDF breach was dumped by a threat actor in a notorious criminal breach forum. The known Shinyhunters famous for providing data dumps were tagged by the seemingly new account in this forum as the Robinhood who gave the leaks for free.


NitroPDF Breach free dump breach image 1


A month ago, during our Dark Web monitoring activities, our threat intelligence specialists saw a similar dump within a dark web-based Bin site offering the dumps for free! When we clicked the link to download the said leak, we were redirected to a page from there we were lead to download the Free Dumps. Our point is the dumps seem to have been dumped by ShinyHunters earlier a month ago before the mainstream cyber news sites caught up. What we see in this notorious forum is a reupload of the free dumps. How do we know? During our undercover operations to download the leaked files, we compared how this download differs from what we downloaded a month ago. Surprise! it was identical. We thought the files presented included the 1 TB worth of documents itself.


What are the contents of the exposed Nitro PDF leaked files?


NitroPDF Breach free dump breach image 2


First of all, let’s discuss the files contained in the breach. The files are divided into three files because their contents differ. Let us enumerate the file names according to the screenshot shown above.

  1. Nitro_acc-details.tsv
  2. Nitrocloud.tsv
  3. Nitro_documents.tsv

We validated the files and found out that the above screenshots match the breach we obtained a month ago. All the files have the extension of .tsv which cannot be opened by ordinary text or document reader file. Yet our experts successfully opened them. We are still researching the affected people and organizations of the breach. We can say that the reach of the breach is global, but it is also noticeable that the Financial industries from India, the Middle East, and South Africa were affected. The breach surprisingly contained names of C-Level personnel of different organizations, which may further endanger their organization because such data can be utilized for further attacks that may lead to phishing and identity theft.


The lines are gibberish and unreadable

While it may be true that the only recognizable attribute in the Nitro PDF breach is the first and last names, emails, subscription status and file names, we must not undermine the severity of the breach. It is necessary to find out the people and users affected to warn them to update their information and credentials to avoid ending up as credential-stuffing victims.

iZOOlogic continuously scans the dark web for any breach that may affect different industries, thus keeping the stakeholders in the loop through our Dark Web Solutions to allow the affected businesses and key-people to take necessary mitigations. Pre-emptive action against potential cybercrime activities goes a long way that will secure the brand and online reputation.

About the author

Leave a Reply