Hackers sell 4000 .nz email addresses, passwords stolen from popular app

Source: 1News

A popular PDF app which last month had millions of emails and passwords leaked in a significant data breach has today revealed a further breach than previously reported.

Close-up image of software engineer typing on laptop

On November 20, a person claimed to be in possession of 2.6 million email addresses and hashed passwords from Nitro PDF, an application which allows users to create, edit and sign PDF files, cyber security organisation CERT NZ said in an alert this afternoon.

Of that figure, over 4000 were .nz email addresses.

CERT NZ today said it now understands there was a further breach, after attackers claimed to have put a terabyte of documents stored on the service for sale online.

Metadata for the documents have been shared publicly, strongly indicating the attackers have the documents in their possession, CERT NZ said. 

CERT NZ was unable to verify the authenticity of the data.

"At this point CERT NZ has no reason to believe that the attackers intend to release these publicly," CERT NZ said in an alert.

"However, CERT NZ is encouraging organisations to consider what the implications would be if the documents were released."