SoylentNews

upstart writes:

Submitted via IRC for Bytram

Company behind Foxit PDF Reader announces security breach

Foxit Software, the company behind the Foxit PDF reader app, said today that hackers breached its servers and have made off with some user information.

ZDNet learned of the breach from a Foxit customer who shared a copy of the email the company is sending out to affected users, asking them to choose new passwords when logging in the next time.

According to this email, the security breach impacted the company's website, and, namely, information stored in the My Account section.

Foxit web accounts are how the company manages its existing customers and is where users can access trial software, download purchased products, and access order histories.

Foxit said hackers managed to access MyAccount data such as email addresses, passwords, real names, phone numbers, company names, and IP addresses from which users logged into their accounts.

Due to the presence of IP addresses in the data hackers managed to access, this is believed to be a breach of Foxit's backend infrastructure, rather than a credential stuffing attack.

A Foxit spokesperson could not be reached for additional clarification.

The biggest mystery is if Foxit had protected customer passwords through a process called hashing and salting. Hashing and salting a password string prevents an attacker from being able to read it in plaintext.

The email sent to customers and a security advisory posted on the Foxit Software website did not mention if passwords were either hashed and salted.

Original Submission