ShellCodeX Breach Report
Lumin PDF Data Breach
luminpdf.com
Verified breach
Passwords exposed
Accounts exposed
15,453,048
Breach date
01 Apr 2019
Added to tracker
18 Sep 2019
Data classes
7
What happened
In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left publicly exposed in a MongoDB instance after which Lumin PDF was allegedly been "contacted multiple times, but ignored all the queries". The exposed data included names, email addresses, genders, spoken language and either a bcrypt password hash or Google auth token.
Exposed data
Auth tokens
Email addresses
Genders
Names
Passwords
Spoken languages
Usernames
Recommended actions
- Change your Lumin PDF password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Lumin PDF — attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP