Update September 02, 13:26 EDT: A Foxit spokesperson told BleepingComputer that there were 328,549 accounts affected after "someone gained unauthorized access to data in our systems."

PDF software provider Foxit Software disclosed today that a recent breach allowed third parties to access personal identification data of 'My Account' service users, including customer and company names, emails, phone numbers, and passwords.

Foxit has sold its software to more than 100,000 customers from over 200 countries since it was founded in 2001 and it currently has over 525 million users around the world according to a press release published this month by the company.

"Foxit has determined that unauthorized access to its data systems took place recently. Third parties have gained access to Foxit’s 'My Account' user account data, which contains email addresses, passwords, users’ names, phone numbers, company names and IP addresses," says an advisory published by the company today.

No payment information exposed

According to Foxit, the free membership 'My Account' service provides its customers with access to "software trial downloads, order histories, product registration information, and troubleshooting and support information."

However, since the breached system does not store payment or credit card data, no payment information was exposed in the data breach incident for any of the affected users.

The system holds users’ names, email addresses, company names, IP addresses, and phone numbers, but does not hold other personal identification data or payment card information. Foxit does not keep customer credit card information in its systems.

The company also says that the impacted 'My Account' users were alerted of this incident via emails containing links to password reset forms to inform them of all the risks they are now exposed to.

Foxit data breach notification email (Image: Ian.H‏)

Foxit notified data protection authorities and law enforcement agencies of the breach and intends to cooperate with the agencies’ investigations.

The company hired a security management firm to lead an in-depth analysis of the security incident, to boost the company’s overall security posture, and to put in place safeguards to protect against future security incidents.

Foxit recommends its customers to not underestimate the risk of the data breach and to remain vigilant. Customers that use their Foxit “My Account” credentials on other websites or services are encouraged to change their passwords to prevent unauthorized access. Foxit also recommends customers to remain vigilant by reviewing account statements and monitoring credit reports to avoid identity theft. Customers should furthermore be aware that fraudsters may use their data to gather further information by deception (“phishing”).

BleepingComputer has reached out to Foxit for additional details on the number of users affected by the data breach, the cause of the breach, and the date it was discovered (including the time interval the user data was exposed) but had not heard back at the time of this publication. This article will be updated when a response is received.