ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Lumin PDF Data Breach

luminpdf.com
Major exposure
Verified breach Passwords exposed
Accounts exposed 15,453,048
Breach date 01 Apr 2019
Added to tracker 18 Sep 2019
Data classes 7

What happened

In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left publicly exposed in a MongoDB instance after which Lumin PDF was allegedly been "contacted multiple times, but ignored all the queries". The exposed data included names, email addresses, genders, spoken language and either a bcrypt password hash or Google auth token.

Exposed data

Auth tokens Email addresses Genders Names Passwords Spoken languages Usernames

Recommended actions

  • Change your Lumin PDF password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Lumin PDF — attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP