- Foxit software told its customers that their account data got stolen by hackers.
- The passwords of the people could be hashed, but the company hasn’t clarified that crucial detail.
- Users will now have to reset their passwords to access their Foxit Software accounts again.
Foxit Software, the company behind the popular free PDF reader that is used by millions, has announced a security incident which spilled out the personal information of their customers. The company has sent notification emails to the compromised users, informing them of unauthorized access to some of its data systems. The company assumes that the hackers have stolen the registered user names, email addresses, company names, phone numbers, user account passwords, and even the IP addresses of the customers. The hackers targeted the “My Account” section of the website specifically, so this was a focused breach.
The steps that were taken by Foxit include the deactivation of the credentials that correspond to the compromised accounts and is now urging users to follow the provided link in order to reset their passwords. Moreover, the company has notified the law enforcement agencies of the data breach and has already hired an external infosec expert firm to help them with the investigation. What hasn’t been clarified however is whether the exposed passwords were hashed or not, as there is nothing on that in the notices that were circulated.
If the passwords were in plaintext form, then the hackers could use them in credential stuffing attacks on other platforms. That said, if you are using the Foxi password on other websites and online services, now is the time to change it universally, otherwise, you are risking an account takeover incident. Remember, using a password manager will help you generate and use unique, strong passwords without having to remember anything.
Now, while the Foxit PDF Reader is free to download and use, and while the platform’s “My Account” is also a free membership service that helps users register their products and get access to support, we see that nothing comes without some kind of a cost. If your trust to them has been irreversibly damaged, you may pick up and use another free PDF reader. A good choice would be the open-source “Evince”, which can open e-book file types too. Moreover, if you’re using the Chrome browser, you already have a PDF reader installed on your system. The fewer tools you are using, the lower the risk you are running.