Data breach at Foxit Software; hackers steal users’ information

A new data breach incident has been reported. According to information security services specialists, Foxit Software, developers of the popular PDF reader app Foxit, has suffered a security incident in which its servers were compromised by a group of hackers who managed to extract users’ information.

The company hasn’t made any official statements about the incident; nevertheless, one of the users contacted the specialized platform ZDNet, sharing a copy of the security alert that the company sent via email to the compromised users, requesting them to reset their Foxit account access credentials.

“We have detected an unauthorized access to some of our data systems, including user accounts. The data that users have entered into our website to create and access their accounts could have been compromised by unknown hackers,” mentions the security alert sent by Foxit Software.

According to information security services specialists, data from compromised Foxit accounts include:

  • Usernames
  • Email addresses
  • Phone numbers
  • Company’s name
  • User passwords
  • IP addresses

The company states that the payment card information of its customers is safe, as this data is operated by a certified third party. Using their Foxit accounts, the company’s customers can request free trials of this service, purchase and download digital material, and view their purchase or inquiries history.

After this information was leaked, various members of the cybersecurity community began to raise the possibility of hackers accessing these accounts using a credential stuffing attack. However, information security services specialists believe that because hackers were able to access users’ IP address data, it should have been an attack on the company’s backend infrastructure. Experts are still expecting further reports from Foxit Software to left speculation aside.

The main question in this case is whether the company protected users’ passwords using a process known as “hashing”, which consists of a sequence of random alphanumeric characters that prevent hackers from accessing a password in plain text. The security alert sent to Foxit users only mentioned that users’ passwords were exposed; it does not specify whether they were protected with hash.

In the event that Foxit passwords do not have this protection, hackers could easily access these accounts or, even worse, they could use them to perform credential stuffing attacks on other platforms, such as email accounts or social media profiles.

For the information security services specialists from the International Institute of Cyber Security (IICS), it is also worrying that the company did not even mention a rough date of the incident. If this happens to be a very old breach, it would be of little use to implement measures such as password reset. Foxit is presumed to have already hired the services of a security firm to keep investigation the incident.