Security flap forces mass password reset

Developers behind the popular Foxit PDF reader software package have warned users about a data breach that may have exposed a rich trove of personal information.

Miscreants accessed Foxit Software’s ‘My Account’ user account database and accessed signup data.

Information including email addresses, phone numbers, passwords, usernames, and user IP addresses may have been exposed as a result of the breach.

Fortunately, no credit card or other payment information was compromised as a result of the incident, according to a breach notification from Foxit Software.

The vendor has reset user passwords as part of an ongoing incident response that has involved notifying law enforcement and data protection authorities.

The breach notice implies that Foxit failed to protect user passwords through hashing and salting – an industry-wide security precaution.

The Daily Swig has approached Foxit Software for clarification on this point as well as an estimate on the number of users affected by the breach. We’ll update this story as and when more information comes to hand.

Foxit’s ‘My Account’ membership service gives customers “access to software trial downloads, order histories, product registration information, and troubleshooting and support information”.

Users of Foxit’s free-of-charge PDF reader are not obliged to register with the service, and therefore mostly unaffected by the security incident.

Foxit Software should not be confused with the similarly named Fox-IT, a security intelligence and computer forensics business that’s part of NCC Group.

RECOMMENDED VLC developer debunks reports of ‘critical security issue’ in open source media player