Foxit Software suffered from data breach impacting more than 328,000 accounts

Foxit Software, known for the PDF applications such as PhantomPDF and Foxit Reader, has suffered from a data breach when the unauthorized third-parties have gained access to their data systems including the 'My Account' user data, which contains users' names, user account passwords, email addresses, phone numbers, user IP addresses, and company names.

My Account is free membership service, which enables the users to access the software trial downloads, product registration information, order histories, as well as troubleshooting information and support information.

Foxit stresses that neither the credit card nor the payment information has been exposed in this data breach incident. The company has told the SecurityWeek that this incident has impacted 328,549 users. However, the company did not mention whether the passwords were stored in readable format or were encrypted in the email that was sent to the customers or in the security advisory that was posted on Foxit Software website.

Upon discovery of this breach, the digital forensics investigation on this incident was immediately launched by Foxit's security team. The company then has invalidated account passwords for all the possibly impacted user accounts. As a result, the 'My Account' users were required to reset the passwords for regaining access to their My Account service.

"Foxit recommends its customers to not underestimate the risk of the data breach and to remain vigilant. Customers that use their Foxit "My Account" credentials on other websites or services are encouraged to change their passwords to prevent unauthorized access," Foxit said in a security notice.

In addition, Foxit Software has reported about this incident to the data protection authorities and law enforcement agencies, as well as has notified the possibly impacted users. Foxit also contacted all the affected users and notified them about risks and the steps one should take to keep the risks at minimum.

"Customers should furthermore be aware that fraudsters may use their data to gather further information by deception ('phishing')," said Foxit in the security notice.

Besides, a security management firm was hired by Foxit for conducting a detailed analysis of this data breach incident and improves their security so as to prevent such kind of incidents from occurring in the future.

» SPAMfighter News - 9/16/2019