Cyber Incident Victim: Foxit Software

Foxit Software announced a security breach on August 30, 2019, impacting customer accounts on its website. The breach targeted the My Account section of Foxit’s infrastructure, which stored customer data used to access trial software, download purchased products, and review order histories. Attackers gained unauthorized access to this system and exfiltrated user information including email addresses, passwords, real names, phone numbers, company names, and IP addresses associated with account logins. The presence of IP addresses in the stolen data indicated a compromise of Foxit’s backend systems rather than a credential stuffing attack. Foxit invalidated all passwords for affected accounts and instructed users to reset credentials upon their next login attempt. The company confirmed no financial data was accessed but did not disclose whether compromised passwords were protected through hashing and salting—a critical omission that left users uncertain about whether attackers could view passwords in plaintext.

The timeline of the breach remained undetermined, as Foxit provided no specifics on when the intrusion occurred or when it was discovered. This ambiguity raised concerns that attackers might have had extended access to stolen data if the breach predated its announcement by weeks or years. Foxit engaged a third-party forensic firm to investigate the incident and notified law enforcement and data protection authorities. The company’s public advisory and customer notifications omitted technical details about the attack vector, remediation steps beyond password resets, or evidence of data misuse. Customers faced heightened risks of credential-based attacks on other platforms if they reused compromised passwords, particularly if those passwords were stored without adequate cryptographic safeguards. Foxit’s response focused on operational containment through credential invalidation but left unresolved questions about security practices and breach chronology.