Foxit Software, the PDF software provider behind the Foxit PDF reader app, recently announced that its servers were breached by bad actors, with email addresses, passwords, and phone numbers, among other data, being subjected to unauthorized access. Given the presence of IP addresses in the accessed data, this may be a breach of Foxit’s backend infrastructure, rather than a credential stuffing attack. Foxit Software has begun notifying affected users, and has initiated a password reset.
In the wake of a breach, affected customers should remain observant: keep an eye out for phishing emails, review account statements and credit reports, and use unique, complex passwords on all accounts.
Foxit does not appear to be sporting the latest security thinking, at least in practice. In the days prior to the breach, for example, the company received a ribbing on Twitter for its password-reset system, which mandates that users set a password of between six and 20 characters that includes at least one number or special character.