Foxit forcing customer password resets after data breach

Foxit Software is forcing its customers to reset their passwords in response to an unauthorized party gaining access to user accounts.

The company, which makes PDF Reader and PDF Edit, did not say when it discovered the data breach, but made its first public report on the incident on August 30. Those affected participate in Foxit’s free “My Account” membership program which gives customers access to software trial downloads, order histories, product registration information, and troubleshooting and support information. Exposed information includes email addresses, passwords, users’ names, phone numbers, company names and IP addresses, but no payment.

“Foxit’s security team has immediately launched a digital forensics investigation. The company has invalidated the account passwords for all potentially impacted accounts, requiring users to reset their passwords to regain access to the My Account service,” the company said in a security advisory.

The number of customers involved and the methodology used to access the data was not revealed. Foxit said all affected customers have been notified along with law enforcement and the company has retained an outside security firm and has launched an investigation into the data breach.