Data of 24 million Lumin PDF users appears online after data breach

The data of 24.4 million users of the web service Lumin PDF has appeared online. The service is best known as an alternative way of opening PDF files in Google Drive. The database also contains Google tokens and user passwords.

The leak is a 2.25GB zip file containing a CSV file in which users are listed, ZDNet reports. The site has confirmed the authenticity of the leak. The hacker says he contacted the company behind Lumin PDF earlier this year to get the vulnerability fixed, but says he received no response.

The hacker found the MongoDB database online in April of this year without password protection. Ransomware allegedly forced the database offline, but the hacker has not received a response from the company to his report.

In addition to usernames, the database also contains many access tokens for Google accounts. According to Nitrolabs, the company behind Lumin PDF, those tokens were no longer valid when the database appeared online, so malicious parties could not use them to gain access to a Google account. For 185,000 people the database contains a password hashed with the bcrypt algorithm, presumably users who have used the separate site.

Lumin PDF is used to open and edit PDF files, for example to add a signature to them. Services that monitor whether e-mail addresses appear in a data breach, such as Have I Been Pwned and Firefox Monitor, have now sent affected users a message about the data breach. The company itself has not informed users.
