Security Experts:

Over 328,000 Users Hit by Foxit Data Breach

PDF solutions provider Foxit last week informed customers that it had recently detected unauthorized access to data associated with its “My Account” service.

The company told SecurityWeek that the incident impacted 328,549 users. The compromised data includes names, email addresses, passwords, phone numbers, company names, and IP addresses, but payment information was not exposed.

The My Account passwords of affected users have been reset and a security management firm has been called in to investigate the incident and help Foxit protect its systems against future attacks.

“Foxit has notified law enforcement agencies and data protection authorities and is destined to cooperate with the agencies’ investigations,” the company said.

My Account is a free service that Foxit customers can use to access software trial downloads, product registration information, order histories, and troubleshooting and support information. Foxit says this service stores names, email addresses, company names, phone numbers, and IPs, but payment information is not stored on the company’s systems.

“Customers that use their Foxit ‘My Account’ credentials on other websites or services are encouraged to change their passwords to prevent unauthorized access. Foxit also recommends customers to remain vigilant by reviewing account statements and monitoring credit reports to avoid identity theft. Customers should furthermore be aware that fraudsters may use their data to gather further information by deception (‘phishing’),” Foxit told customers.

Foxit says it has over 525 million users and claims to have sold its products to more than 100,000 customers across 200 countries.

Related: Citrix Completes Investigation into Data Breach

Related: Code Execution Flaws Patched in Foxit PDF Reader

Related: Foxit Reader Update Patches Over 100 Vulnerabilities

Related: OSIsoft Warns Employees, Contractors of Data Breach

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.