Australian Service Provider Hacked? October 29 2020

Nitro Software user database put up for sale on dark web

TA group that uses the name Shiny Hunters appears to have put up a database exfiltrated during a data breach of ASX-listed Nitro Software, a firm that offers a service to create, edit and sign PDFs and digital documents, on the dark web for sale.

Source: Nitro Software user database put up for sale on dark web | iTWire
More reports from: iTWire.

Nitro, a company that was started in Melbourne, has been insistent that the breach is “an isolated security incident” as stated when it posted a notice to the ASX on 21 October.

However, the cyber security firm Cyble has released details about the incident, which indicate that it was much bigger than has been made out.

Alon Gal, chief technology officer of cyber crime intelligence company Hudson Rock, posted a tweet, saying that the database contained 77 million users.

“The database contains emails and hashed passwords,” he added.

Another point made by the spokesperson was that the metadata in the document database (i.e. name field) could give cyber criminals insights about who might have access to sensitive documents, such as those related to mergers and acquisitions, in an organisation.