Nitro Pdf Data Breach -

In September 2020, Nitro Software, a leading provider of PDF and digital document solutions, suffered a major data breach that exposed the personal information of over 77 million users. While the company initially categorized the event as a "low impact security incident," subsequent leaks on hacker forums revealed the true scale and severity of the exposure. Overview of the Nitro PDF Data Breach

Step 2: Change Any Reused Passwords

If you used your old Nitro password anywhere else—especially on email, banking, or cloud storage—change those passwords immediately. This is the single most important action. nitro pdf data breach

• Offer credit monitoring for affected individuals
• Publicly name the third-party researcher who discovered the bucket (Diachenko asked for credit, but Nitro omitted him in official statements)
• Disclose the breach to affected users within 72 hours as required by GDPR (it took nearly a month)

What was NOT stolen?

• Full credit card numbers or payment card credentials
• The actual content of your PDF files (only filenames)
• Plaintext passwords

Table 2: Product metadata (user_meta)

• License keys (partially redacted but crackable)
• Organization names for business accounts
• Integration tokens for cloud storage (Google Drive, Dropbox)
• E-sign document IDs (not contents)

CCPA Private Right of Action (California)

California residents whose unencrypted email addresses and passwords were stolen can sue for statutory damages between $100 and $750 per incident, plus injunctive relief. The class-action lawsuit filed in 2021 cited CCPA violations. In September 2020, Nitro Software, a leading provider