luminpdf data breach

luminpdf

What Happened

In April 2019, Lumin PDF, a cloud-based PDF editing platform, suffered a data breach when attackers exploited a misconfigured, publicly accessible MongoDB database in its testing infrastructure, exposing user records that surfaced on a hacking forum in September 2019. The incident affected approximately 15.5 million to 24.4 million accounts, with compromised data including names, email addresses, usernames, genders, spoken languages, bcrypt-hashed passwords, and Google authentication tokens, though Lumin claimed only non-sensitive data was ultimately stolen and no passwords were stored in plain text. Despite reported attempts to notify the company, the breach went undisclosed for months, prompting Lumin to later implement enhanced security measures like multi-layer encryption, role-based access controls, firewalls, and continuous auditing.

Compromised Assets

  • full name
  • username
  • email
  • gender
  • nationality
  • password

Check your company's
exposed credentials

Enter your work email to instantly access a free account
and see your company’s exposed credentials.

Related Breaches