Foxit Software which is the company behind the popular lightweight Foxit PDF reader and Phantom PDF applications, reported that the hackers have breached its servers and stole some user information.
A Foxit customer shared a copy of the email the company was sending to its affected users, asking them to change their passwords while logging in the next time.
According to this email, the security breach affected the company’s website, and also the information stored in the My Account section.
The company manages its existing customers using the Foxit web accounts and the users can access trial software, download purchased products, and access order histories through this section.
The hackers managed to access MyAccount data such as email addresses, passwords, real names, phone numbers, company names, and IP addresses from which users logged into their accounts.
This breach is considered to be of Foxit’s backend infrastructure, rather than a credential stuffing attack.
It is not sure whether Foxit had protected customer passwords through hashing and salting method which prevents an attacker from being able to read it in plaintext.
It was not mentioned in the email sent to customers or in the security advisory posted on the Foxit Software website whether the passwords were hashed and salted.
If the passwords were available in cleartext, then it becomes easier for the hackers to gain access to users’ accounts on other websites, if they used the same passwords on multiple sites.
The company invalidated all passwords for customers who were believed to be affected by the security breach.
Since Foxit did not mention the date of the security incident it is not known when this breach has actually occurred.
The company confirmed that the hackers did not access any financial information. They are working with a forensic firm to do further investigation and had already notified law enforcement and data protection authorities.
Those users with an online account with Foxit Software are highly recommended to reset their account password immediately.