Representatives of Foxit Software, developing the popular Foxit Reader tool, warned that unknown hackers had compromised the company’s official website and stole user data.
According to the company, the compromise occurred recently (exact dates were not disclosed) and affected personal data related to the My Account service.“Foxit has determined that unauthorized access to its data systems took place recently. Third parties have gained access to Foxit’s “My Account” user account data, which contains email addresses, passwords, users’ names, phone numbers, company names and IP addresses. No payment information was exposed”, — report Foxit Software representatives.
A free membership to My Account gives users access to “test software downloads, order history, product registration information, and troubleshooting and support information.”
As a result of the attack, company names and usernames, email addresses, phone numbers, passwords and IP addresses were stolen. It is emphasized that Foxit does not store information about the bank cards of its customers and other payment data, so that financial information is not affected.
Read also: Android malware with 1.5 million downloads secretly clicked on ads from users
Unfortunately, it is not clear how user passwords were protected. So, all victims have already been sent warning messages about what happened, as well as information about the risks that users are now exposed to.
It is also reported that the company reset the passwords of the victims, however, in these messages there is not a word about whether these passwords were hashed and salted. The fact is that if passwords were stored in clear text, attackers can use them to gain access to the accounts of victims on other sites and services if the user made a mistake and used the same password again (which is common).
Currently, the investigation of the incident is ongoing, and law enforcement agencies have already joined the case. In addition, Foxit Software engaged third-party information security experts to conduct an in-depth analysis of what happened and help the company implement additional security measures to protect it from other potential incidents of this kind.
