Cybersecurity blog header

Pdf converters, playing with fire

Pdf converters can become a problem for companies

Online tools that convert docs or ppts files into pdfs can become a data drain for companies. 77 million of data are sold these days in several black markets for 80.000 euros from the theft of data from Nitro PDF

It’s a daily process for millions of companies around the planet. An executive drafts a contract with a client, an offer for an award process, a report with the strategic plan for the next three years… And he decides to convert that Word or PowerPoint file into a pdf. To do so, go to one of the many online platforms that can be found on the Internet: iLovepdf, Nitro PDF, Smallpdf, Pdf2go… Unknowingly, the executive may just blaze a trail that will trigger a massive leak of highly valuable data. Those are the pdf converters, the danger of playing with fire.

The risk of pdf tools. Keeping our files safe

The recent attack suffered by Nitro PDF has once again highlighted a risk that the cybersecurity community has been warning about for years. PDF converters are a very useful tool, but they should not be used lightly. Of course never for delicate documentation.

In Nitro’s case, the company suffered a security incident late last year. Cibercriminals took 77 million of data that the platform had stored in the cloud. Files of thousands and thousands of companies around the planet that every day use the tool for their internal protocols.

Proposals for mergers and acquisitions, financial reports, detailed reports on product launches… The titles of the stolen documents are eloquent enough about the delicacy of the information that Nitro PDF was uploading every day.

Among the companies affected by the theft of data are giants like Google, which had created more than 3.600 employee accounts with 32.000 documents, Apple (584 accounts and 6.405 files) and Microsoft (3.330 accounts and 2.390 documents).

Nitro’s is one of the biggest corporate information leaks in recent years. Those 77 million records have appeared these days for sale in black markets for about 80,000 euros.

An ocean of data in which one would have to dive, certainly, but from which everything indicates that very striking conclusions could be drawn about the strategies of competing companies, price policies, products researches

Controlling the use of cloud-based pdf converters

About this problem, Javier Rodríguez, head of Cyber Intelligence at Tarlogic, considers that companies should be very careful when deciding what information to upload to pdf converters. «The manager, the secretary or any employee must bear in mind that files uploaded to the online converter will remain in the cloud, within the platform. So, any assault that it may suffer could end up generating a very great damage».

In that sense, Rodríguez understands that the immediacy and advantage of having information stored in the cloud leads companies to work with these pdf converters. But he insists that executives must be careful when assessing what can and can’t pass through that filter.

«It’s an evidence these platforms are useful. We are not saying they should not be used, but they are not suitable for the sensitive information that companies have», he clarifies.

In order to avoid this incidents, organizations should have its own pdf conversion tools. Word or PPT, for example, offer a pdf saving option that allows you to bypass online converters.

Think and prevent. A very simple formula that, transferred to the day to day of the company, can save you a lot of trouble over time.

Discover our work and cybersecurity services at