{
	"id": "d8af0241-d8da-4ee8-830b-65ad24bf2abe",
	"created_at": "2026-04-06T00:16:28.027385Z",
	"updated_at": "2026-04-10T03:34:59.510955Z",
	"deleted_at": null,
	"sha1_hash": "6ca446a079c3a307121b03363b88f6866be3b52a",
	"title": "Hacker leaks full database of\u0026nbsp;77 million Nitro PDF user records",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1205865,
	"plain_text": "Hacker leaks full database of\u0026nbsp;77 million Nitro PDF user records\r\nBy Sergiu Gatlan\r\nPublished: 2021-01-20 · Archived: 2026-04-05 21:57:39 UTC\r\nA stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF\r\nservice users was leaked today for free.\r\nThe 14GB leaked database contains 77,159,696 records with users' email addresses, full names, bcrypt hashed passwords,\r\ntitles, company names, IP addresses, and other system-related information.\r\nThe database has also been added to the Have I Been Pwned service which allows users to check if their info has also been\r\ncompromised in this data breach and leaked on the Internet.\r\nhttps://www.bleepingcomputer.com/news/security/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nNitro is an application that helps create, edit, and sign PDFs and digital documents, an app that Nitro Software claims to\r\nhave over 10,000 business customers and roughly 1.8 million licensed users.\r\nNitro also provides a cloud service that customers can use to share documents with coworkers or any other organizations\r\ninvolved in the document creation process.\r\nNitro PDF user records' contents\r\nNitro's data breach\r\nThe massive Nitro PDF data breach BleepingComputer first reported last year also impacts many well-known organizations,\r\nincluding Google, Apple, Microsoft, Chase, and Citibank.\r\nNitro Software disclosed a \"low impact security incident\" on October 21, 2020, in an advisory to the Australia Stock\r\nExchange, stating that no customer data was impacted.\r\nHowever, as BleepingComputer later found, a database containing alleged info on 70 million Nitro PDF user records got\r\nauctioned together with 1TB of documents for a starting price set at $80,000.\r\nBleepingComputer was able to determine the stolen database's authenticity after confirming that known email addresses of\r\nNitro accounts were present in the auctioned database.\r\nStolen user records leaked for free\r\nNow, a threat actor claiming to be a part of ShinyHunters has leaked the full database for free on a hacker forum — the\r\nthreat actor has set a price of $3 for access to the download link.\r\nShinyHunters is a notorious threat actor known for hacking online services and selling stolen information via data breach\r\nbrokers or in private sales.\r\nPreviously, ShinyHunters said they were behind breaches at Homechef, Wattpad, Minted, Tokopedia, Dave, Promo,\r\nChatbooks, Mathway, and many others; the information proved to be true.\r\nhttps://www.bleepingcomputer.com/news/security/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records/\r\nPage 3 of 4\n\nNitro PDF database leaked for free\r\nAs malicious actors can use the leaked user details to launch more credible phishing attacks or for credential stuffing,\r\naffected Nitro PDF users are strongly advised to change their passwords to a strong, unique password.\r\nUsers should switch to a unique and strong password that they don't use for any other website or online service.\r\nUsing a password manager is also recommended as it helps manage and generate unique and for different sites.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records/\r\nhttps://www.bleepingcomputer.com/news/security/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records/"
	],
	"report_names": [
		"hacker-leaks-full-database-of-77-million-nitro-pdf-user-records"
	],
	"threat_actors": [
		{
			"id": "c071c8cd-f854-4bad-b28f-0c59346ec348",
			"created_at": "2023-11-08T02:00:07.132524Z",
			"updated_at": "2026-04-10T02:00:03.422366Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "MISPGALAXY:ShinyHunters",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2",
			"created_at": "2025-10-24T02:04:50.086223Z",
			"updated_at": "2026-04-10T02:00:03.770068Z",
			"deleted_at": null,
			"main_name": "GOLD CRYSTAL",
			"aliases": [
				"Scattered LAPSUS$ Hunters",
				"ShinyCorp",
				"ShinyHunters"
			],
			"source_name": "Secureworks:GOLD CRYSTAL",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "9041c438-4bc0-4863-b89c-a32bba33903c",
			"created_at": "2023-01-06T13:46:38.232751Z",
			"updated_at": "2026-04-10T02:00:02.888195Z",
			"deleted_at": null,
			"main_name": "Nitro",
			"aliases": [
				"Covert Grove"
			],
			"source_name": "MISPGALAXY:Nitro",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a2b44a04-a080-4465-973d-976ce53777de",
			"created_at": "2022-10-25T16:07:23.911791Z",
			"updated_at": "2026-04-10T02:00:04.786538Z",
			"deleted_at": null,
			"main_name": "Nitro",
			"aliases": [
				"Covert Grove",
				"Nitro"
			],
			"source_name": "ETDA:Nitro",
			"tools": [
				"AngryRebel",
				"Backdoor.Apocalipto",
				"Chymine",
				"Darkmoon",
				"Farfli",
				"Gen:Trojan.Heur.PT",
				"Gh0st RAT",
				"Ghost RAT",
				"Moudour",
				"Mydoor",
				"PCClient",
				"PCRat",
				"Poison Ivy",
				"SPIVY",
				"Spindest",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d8dff631-87b0-4320-8352-becff28dbcf1",
			"created_at": "2022-10-25T16:07:24.565038Z",
			"updated_at": "2026-04-10T02:00:05.034516Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "ETDA:ShinyHunters",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434588,
	"ts_updated_at": 1775792099,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6ca446a079c3a307121b03363b88f6866be3b52a.pdf",
		"text": "https://archive.orkl.eu/6ca446a079c3a307121b03363b88f6866be3b52a.txt",
		"img": "https://archive.orkl.eu/6ca446a079c3a307121b03363b88f6866be3b52a.jpg"
	}
}