Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Welcome Guest!

Join us now to get access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, and so, so much more. It's also quick and totally free, so what are you waiting for?

Sign in to follow this  

Foxit Software reveals data breach that exposed users' email addresses, passwords and more

1 post in this topic

Foxit Software reveals data breach that exposed users' email addresses, passwords and more


Hidden Content

    Like this post to see the hidden content.



Foxit Software has revealed that it "recently" suffered a security breach in which private user data was exposed to unnamed third parties. Those whose account have been affected are being contacted and "encouraged to change their passwords".

The company -- famed for PDF applications such as Foxit Reader and PhantomPDF -- does not say when the incident took place, nor how many users are affected, but it explains that "My Account" section of user accounts was exposed. This includes data such as email addresses, passwords, users' names, phone numbers, company names and IP addresses, but not payment information.


In emails sent out to those affected by the breach, Foxit fails to say whether passwords were hashed and salted, or if they were stored in plain text. The company explains that the "My Account" section is a "free membership service that gives customers access to software trial downloads, order histories, product registration information, and troubleshooting and support information. The system holds users’ names, email addresses, company names, IP addresses, and phone numbers, but does not hold other personal identification data or payment card information. Foxit does not keep customer credit card information in its systems".

The company warns users to be vigilant for phishing and identity theft.

In a statement posted on its website, Foxit says:


Foxit has determined that unauthorized access to its data systems took place recently. Third parties have gained access to Foxit's "My Account" user account data, which contains email addresses, passwords, users' names, phone numbers, company names and IP addresses. No payment information was exposed.

Foxit's security team has immediately launched a digital forensics investigation. The company has invalidated the account passwords for all potentially impacted accounts, requiring users to reset their passwords to regain access to the My Account service. Foxit has notified law enforcement agencies and data protection authorities and is destined to cooperate with the agencies' investigations. In addition, the company has hired a security management firm to conduct an in-depth analysis, strengthen the company’s security posture and protect against future cyber security incidents.

Foxit has contacted all affected users and informed them about the risks and what steps to take to keep risks at a minimum.


On Twitter, Foxit Software faced criticism for limiting new passwords to 20 characters. The company has also been criticized for failing to give details of when the security breach took place, and ZDNet speculates that the attack was a server hack rather than an example of credential stuffing.

  • Like 2

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this