- The exposed user data includes names, email addresses, gender, (language) locale settings, hashed password strings, and Google Access tokens.
- The exposed Google access tokens could allow bad actors to gain unauthorized access to users’ Google Drive accounts.
What’s the matter?
A hacker has shared a downloadable link of Lumin PDF’s user database on a hacking forum. The MongoDB database contains the user records of over 24.3 million Lumin PDF users.
Why it matters?
The database is a 2.25GB ZIP file that includes a 4.06GB CSV file containing the user records of 24,386,039 LuminPDF users.
- The CSV file contained users’ names, email addresses, gender, and (language) locale settings.
- Almost 118,746 users had their password strings exposed. The exposed password strings have been hashed using the Bcrypt algorithm.
- The exposed data also includes users’ Google access tokens, suggesting that Lumin PDF users are using the service as an add-in Google Drive app.
Behind the scenes
The hacker who shared the database on the hacking forum wrote that he found the database belonging to Lumin PDF that was left exposed online without a password in April 2019.
Following this, he contacted Lumin PDF multiple times, but didn't hear back from the vendor. However, the data was later destroyed by ransomware, and the database was taken offline.
“The unprotected database was found about 5 months ago. Vendor was contacted multiple times, but ignored all the queries,” the hacker wrote, ZDNet reported.
The exposed Google access tokens could allow bad actors to gain unauthorized access to users’ Google Drive accounts. Therefore, Lumin PDF users are requested to revoke Lumin PDF’s access to their Google Drive. Meanwhile, ZDNet has also notified Google about Lumin PDF users’ leaked access tokens.