Nitro PDF Breach Exposes 70 Million Email Addresses
Nitro's PDF service disclosed a breach exposing over 70 million email addresses and document titles, now circulating on hacking forums.
Nitro, the online service millions of people use to convert and sign PDFs, disclosed today that it was breached last month. The damage: more than 70 million unique email addresses, plus the titles of documents users had converted through the service, are now sitting in a stolen database that’s been making the rounds on hacking forums.
If you haven’t heard of Nitro by name, you’ve probably used it anyway. It’s one of those background-infrastructure tools that businesses plug into their document workflows — signing contracts, converting reports, exporting files from web forms. That ubiquity is exactly why this breach is worth paying attention to even if you don’t personally remember signing up.
Why document titles matter more than you’d think
An email address on its own, leaked in a breach, is a nuisance — you’ll get some spam, maybe a stuffing attempt against reused passwords. But pair that email with the title of a document someone converted, and you’ve handed an attacker a hook for a much more convincing phishing email. Think about what people actually run through PDF tools: signed contracts, tax paperwork, loan documents, HR files, medical forms. A subject line referencing the exact document you uploaded last spring is a different animal than a generic “your account has been suspended” email. It reads as legitimate because it is accurate — just stolen accuracy.
This is the same pattern we’ve seen play out with other breaches this year: the raw data itself isn’t always the dangerous part, it’s the context that makes follow-on social engineering effective. A breach that “only” exposes an email address list would be bad. One that pairs addresses with plausible, personalized bait is worse.
What to actually do about it
If you’ve used Nitro’s free or paid tools at any point, assume your email is in this dataset. A few concrete steps:
- Be suspicious of emails referencing specific documents you’ve converted or signed, especially ones asking you to “review,” “re-sign,” or “download an updated copy.”
- Don’t click links in unsolicited document-related emails — go to the source application directly instead.
- If you reused a password on Nitro anywhere else (you shouldn’t, but plenty of people do), change it now.
- Turn on two-factor authentication wherever these accounts support it.
Nitro says it’s investigating, which is the standard line at this stage, and there’s no indication yet of exactly how the intrusion happened. What’s already clear is that a database with 70 million-plus records and file metadata attached is a meaningful asset for anyone running phishing campaigns at scale, and it’s now out in circulation rather than sitting behind Nitro’s walls. Expect a wave of document-themed phishing emails referencing this leak in the coming weeks — treat anything that seems to know a little too much about a file you once uploaded with extra suspicion.