Foxit Software hasn’t said how many users were ensnared in the breach, but the company claims to have 325 million users. The affected data includes users’ email addresses, phone numbers, and passwords.
UPDATE: A spokesman for Foxit Software told PCMag only 328,549 user accounts were affected in today’s disclosed breach.
PDF reader developer Foxit Software has suffered a data breach that exposed email addresses, phone numbers, and passwords associated with user accounts.
“Foxit has determined that unauthorized access to its data systems took place recently. Third parties have gained access to Foxit’s ‘My Account’ user account data,” the company said in a posting on Friday. Other data that may have been stolen includes users’ names, company names, and IP addresses.
Foxit Software hasn’t said how many users were ensnared in the breach. But the company claims to have 325 million users and 100,000 paying customers for products like PhantomPDF.
— Geeknik (•?`?´) Labs (@geeknik) August 30, 2019
Users would’ve created accounts through Foxit for access to software trial downloads, to purchase a product, and to receive troubleshooting/support information. Fortunately, no payment card data was looted in the breach, the company said.
It remains unclear if Foxit hashed any of the exposed passwords. Doing so would’ve scrambled the credentials into an unreadable format to the human eye, making them harder to crack and use. So far, the company hasn’t responded to a request for comment.
But in response to the breach, Foxit Software has issued a password reset to the affected accounts. Users should be receiving an email with instructions on creating a new password. “Customers that use their Foxit ‘My Account’ credentials on other websites or services are encouraged to change their passwords to prevent unauthorized access,” the company added. “Foxit also recommends customers to remain vigilant by reviewing account statements and monitoring credit reports to avoid identity theft.”
It’s also a good idea to be wary of phishing emails that try to impersonate Foxit or another company into getting you to hand over sensitive information or opening an attachment.
Who was behind the breach remains unknown. But the company has launched a forensics investigation and contacted law enforcement.