Wednesday, June 3, 06:29
Home security Lumin PDF data on millions of users found in hacking forum

Lumin PDF data on millions of users found in hacking forum

River PDFA new data leak reportedly took place. The goal was users of the service River PDF. Personal information 24,3 of millions of users found in one hacking forum.

Lumin PDF is a cloud-based service, through which users can view, edit, and share PDFs using an online dashboard, within a browser extension. Alternatively, the company also has a mobile app.

The service was created in 2014. Many users know it, as it is one of the PDF applications that its users can install Google Drive in their accounts to open problematic PDF documents.

Reportedly, a hacker posted a hacking forum a link, containing company-wide database. Within the link you can find information and 24.386.039 user files of LuminPDF.

Leaked files are: full usernames, emails, gender, language and hashed password or Google access token.

Token confirms that most users are using this service as an add-on to Google Drive.

However, some 118.746 users had created an account on the Lumin PDF page after being exposed data found passwords hashed through the Bcrypt algorithm.

The hacker who posted the link to user data said he had acquired it access to these elements by one Lumin PDF service MongoDB database, which has been exposed online since April of 2019.

The hacker claimed to have tried to contact the service administrators many times, but they ignored him.

“The data was later destroyed by one ransomware and server it was removed shortly afterwards, ”the hacker said.

Such attacks on MongoDB servers are common. Hackers often gain access to unprotected databases, delete data, and then seek ransom in the hope that a victim will make money. In fact, the data no longer exists.

We still do not know why hacker exposed user data, since the database was no longer exposed. It looks like he wanted to avenge the managers because they didn't care about him when he wanted to inform them of the leak five months ago.

What can users do?

Most alarming is that access tokens have leaked. Tokens can allow malicious hackers to appear as legitimate users and access their accounts Google Drive.

Google has been informed of the incident and said it will investigate the case.

Users of Lumin PDF are good to block access to the application account on Google Drive, to be sure that a hacker with their token will not get access.

This can be done by the following procedure:

  1. Go to drive.google.com.
  2. Click the gear (settings) in the upper right.
  3. Click "Settings" in the drop-down menu.
  4. Click "Manage Applications" in the submenu
  5. Next to the app, click Options.
  6. Click Disconnect from Drive.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

Samsung Access: Samsung's new service for new Galaxy devices!

Samsung has launched a new subscription service for upgrades, starting with the Galaxy S20 series. The new service, named Samsung ...

Microsoft: The tools that will now be available to everyone!

Microsoft now has the "Virtual Assistant Accelerator" and "Bot Framework Composer" tools for its entire user base. Developers can ...

Sony: Cancel PS5 event due to Floyd case!

The event that Sony had planned for the PS5 on June 4 was postponed indefinitely, due to the deplorable situation that prevails ...

Cisco warns: These Nexus switches have been hit by a serious security flaw

Cisco has warned customers with Nexus switches running NX-OS software to install updates to address a serious flaw ...

Windows 10 May 2020 Update: Get Windows 10 for € 9.09

As we all know, Windows 10 May 2020 Update has been released. It is safer, more reliable and more efficient than ever. It is certain that with ...

Anonymous's hack includes data from previous leaks!

As protests over the death of George Floyd in Minneapolis have spread across the United States, cyberattacks have targeted police ...

Critical Exim errors have been fixed, but many servers are still at risk

The update of Exim mail servers is not fast enough and the members of the Russian hacker Sandworm team are actively exploiting three critical ...

New Cisco vulnerability that concerns you!

A new critical Cisco vulnerability has been identified that concerns you: For those who don't know, Cisco recently announced that some of the servers ...

Antifa tweets from extreme rightists call for violence!

The "Antifa tweets" that flooded Twitter and promoted violence, actually came from a well-known far-right group! The information came in ...

Apple introduces the new USB-C Diagnostic Tool

Apple introduces the new USB-C Diagnostic Tool. See the new features: Apple finally brings the new internal USB-C Diagnostic Tool, ...