Foxit Software suffers data breach impacting over 328K accounts
- The compromised 'My Account' user data includes usernames, email addresses, company names, phone numbers, user account passwords, and user IP addresses.
- The company has invalidated the account passwords for all potentially impacted user accounts.
What is the issue?
PDF software provider Foxit Software suffered a data breach after unauthorized third parties gained access to its data systems including ‘My Account’ user data. A spokesperson for Foxit noted that the incident has impacted nearly 328,549 accounts.
What information was compromised?
The compromised ‘My Account’ user data includes usernames, email addresses, company names, phone numbers, user account passwords, and user IP addresses. However, no payment card information was compromised.
My Account is a free membership service that enables users to access software trial downloads, order histories, product registration information, and troubleshooting and support information.
What actions have been taken?
- Upon discovery, Foxit’s security team immediately launched an investigation on the incident.
- Foxit reported the incident to law enforcement agencies and data protection authorities and has notified the potentially impacted users.
- The company then invalidated the account passwords for all potentially impacted user accounts. This would require ‘My Account’ users to reset their passwords to regain access to the service.
- Additionally, the company has hired a security management firm to conduct an in-depth analysis of the incident and improve its security in order to prevent such incidents from happening in the future.
“Foxit recommends its customers to not underestimate the risk of the data breach and to remain vigilant. Customers that use their Foxit “My Account” credentials on other websites or services are encouraged to change their passwords to prevent unauthorized access,” Foxit said in a security notice.
“Customers should furthermore be aware that fraudsters may use their data to gather further information by deception ('phishing'),” Foxit added.