What’s the matter?
A hacker has shared a downloadable link of Lumin PDF’s user database on a hacking forum. The MongoDB database contains the user records of over 24.3 million Lumin PDF users.
Why it matters?
The database is a 2.25GB ZIP file that includes a 4.06GB CSV file containing the user records of 24,386,039 LuminPDF users.
Behind the scenes
The hacker who shared the database on the hacking forum wrote that he found the database belonging to Lumin PDF that was left exposed online without a password in April 2019.
Following this, he contacted Lumin PDF multiple times, but didn't hear back from the vendor. However, the data was later destroyed by ransomware, and the database was taken offline.
“The unprotected database was found about 5 months ago. Vendor was contacted multiple times, but ignored all the queries,” the hacker wrote, ZDNet reported.
The exposed Google access tokens could allow bad actors to gain unauthorized access to users’ Google Drive accounts. Therefore, Lumin PDF users are requested to revoke Lumin PDF’s access to their Google Drive. Meanwhile, ZDNet has also notified Google about Lumin PDF users’ leaked access tokens.