Massive data breaches have become such a regular part of the business landscape that, in many cases, new major incidents may never make it to the mainstream headlines. While technology publications cover these incidents, the average person may not care about the effects of a breach on a business. However, every incident offers warnings and lessons for those operating their own businesses and those in charge of cybersecurity. That’s true both for improving risk assessments and for identifying potential points of failure.
Late in October 2020, news broke about a potentially massive PDF document breach caused by hackers accessing behind-the-scenes servers and databases at software company Nitro. Although the company initially described the breach as “low impact” in a regulatory filing, independent journalists investigated and found the stolen files advertised for sale via a dark web auction. Samples provided by the unknown sellers online helped security researchers develop a better sense of what had happened.
Although there is no reliable way to confirm the actual contents of the databases for sale, the sellers’ claims were certainly cause for concern. Hackers seemingly stole both a database of user details and actual PDF documents hosted in Nitro’s cloud service. The user database contains full names and email addresses, as well as company names and even encrypted passwords. While it would be difficult to brute-force decrypt those passwords, the fact that the file is out “in the wild” is a concern for anyone affected.
Nitro continually claimed in statements to the media that no documents were compromised. However, data seen by researchers contained at least some seemingly accurate document metadata, including file names. While it is uncertain whether anyone ever purchased this treasure trove of stolen information, whoever paid the steep asking price of more than $80,000 would possibly have received documents related to businesses such as Apple, Google, Amazon, and Microsoft.
This breach demonstrates some of the inherent risks that accompany the convenience of PDF editing software that also interfaces with cloud document storage services. Even Adobe’s services carry some of these same risks because that company relies on AWS, or Amazon Web Services. Should one of the company’s AWS “buckets” (databases) have an improper security configuration, or if an internal security breach were to occur, there is always the potential that bad actors could steal documents and data from such services.
Kofax Power PDF offers a robust alternative. When users engage in real-time document collaboration in conjunction with Power PDF, they are not “in the cloud.” Instead, the entire process takes place on a shared local network without any need to transmit files across the internet. Kofax never stores or handles your documents, which always remain saved locally throughout the process. The only interactions with cloud storage services are those you choose to have.
With best practices applied, the risk of anyone intercepting or stealing documents shared on a local private network is very low. Anyone with unauthorized access would likely have already compromised the system, indicating a bigger problem.
Protecting your company’s data in the digital age is essential, not only for compliance but to safeguard your reputation and your business secrets. Choosing a PDF editor with the necessary features and risk-reducing solutions such as network-only collaboration means improving your security posture. Of course, the added benefits of a reliable, fully-featured document editing suite are a positive side effect, too.
Discover a secure, feature-rich solution for PDF creation, editing, and collaboration when you explore your free 15-day trial version of Power PDF today.