The service was created in 2014. Many users know it as one of the PDF applications that can be installed in a Google Drive account to open problematic PDF documents.
Reportedly, a hacker posted a link on a hacking forum to a company-wide database. The link leads to information and 24,386,039 user records of LuminPDF.
The leaked data includes full usernames, emails, gender, language, and a hashed password or Google access token.
The tokens confirm that most users use this service as an add-on to Google Drive.
However, some 118,746 users had created an account on the Lumin PDF page itself; for them, the exposed data contains passwords hashed with the bcrypt algorithm.
The hacker who posted the link to the user data said he had gained access to it through a Lumin PDF MongoDB database that had been exposed online since April 2019.
The hacker claimed to have tried to contact the service administrators many times, but they ignored him.
Such attacks on MongoDB servers are common. Hackers often gain access to unprotected databases, delete the data, and then demand a ransom in the hope that the victim will pay. In fact, the data no longer exists.
We still do not know why the hacker published the user data, since the database was no longer exposed. It looks like he wanted to take revenge on the managers because they ignored him when he tried to inform them of the leak five months ago.
What can users do?
Most alarming is that access tokens have leaked. Tokens can allow malicious hackers to pose as legitimate users and access their Google Drive accounts.
Google has been informed of the incident and said it will investigate the case.
Users of Lumin PDF would do well to block the application's access to their Google Drive account, to be sure that a hacker holding their token will not get access.
This can be done with the following procedure:
- Go to drive.google.com.
- Click the gear (settings) in the upper right.
- Click "Settings" in the drop-down menu.
- Click "Manage Applications" in the submenu.
- Next to the app, click Options.
- Click Disconnect from Drive.