Tuesday, March 2, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Data of 24.3 million Lumin PDF users shared on hacking forum

September 17, 2019
in Internet Security
Data of 24.3 million Lumin PDF users shared on hacking forum
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

The details of over 24.3 million Lumin PDF users have been shared today on a hacking forum, ZDNet has learned from a source.

The hacker said they leaked the company’s data after Lumin PDF administrators failed to answer his queries multiple times over the past few months.

You might also like

Free cybersecurity tool aims to help smaller businesses stay safer online

Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit

These four new hacking groups are targeting critical infrastructure, warns security company

Lumin PDF is a little-known cloud-based service that lets users view, edit, and share PDF files using a web-based dashboard, inside a browser extension, or via the company’s mobile apps.

The service was founded in 2014, but most users are familiar with the company’s name, being one of the third-party PDF apps that Google Drive users can install on their accounts and open problematic PDF documents.


Image: ZDNet

However, today, a hacker published a download link to the company’s entire user database. The hacker’s download link is for a 2.25GB ZIP file that holds a 4.06GB CSV file containing the user records of 24,386,039 LuminPDF users.

With the help of a source, ZDNet has obtained a copy of this archive and verified its authenticity with several Lumin PDF users.

luminpdf-users-redacted.png

Image: ZDNet

For the vast majority of user records, the CSV file contains users’ full names, email addresses, gender, (language) locale settings, and a hashed password string or Google access token.

For most user entries, there’s a Google access token included in the leaked data, confirming that most Lumin PDF are using the service as an add-in Google Drive app.

However, for 118,746 users, the leaked Lumin PDF data contained password strings that appear to have been hashed using the Bcrypt algorithm, suggesting these are users who registered an account on the Lumin PDF website.

Hacker claims Lumin PDF ignored contact attempts

Writing on the forum, the hacker claimed to have obtained the data from a MongoDB database belonging to Lumin PDF that was left exposed online without a password back in April 2019.

“The unprotected database was found about 5 months ago,” the hacker wrote. “Vendor was contacted multiple times, but ignored all the queries.

“The data was later destroyed by ransomware, and server taken down soon after,” the hacker added.

Such destructive attacks on MongoDB servers aren’t new and have been happening since late 2016. Cybercriminals have made a habit out of accessing unprotected MongoDB databases, deleting their content, and leaving a ransom note behind hoping that a clueless victim would pay a ransom demand for data that doesn’t exist anymore.

The hacker, whose name we won’t be sharing in this article, did not make it particularly clear why they were sharing Lumin PDF’s user records, despite the Lumin PDF server and the data not being available anymore. At a first glance, this looks like petty revenge.

ZDNet reached out to Lumin PDF, but the company did not return a request for comment before this article’s publication.

What users ca do

In the meantime, the most dangerous part of this leak is the presence of Google access tokens in the leaked data. These access tokens can allow malicious threat actors to pose as legitimate users and access Google Drive accounts.

ZDNet has notified Google of the leaked data and the presence of the leaked access tokens. A Google spokesperson said the company is investigating the incident.

In the meantime, to prevent any unauthorized access to Google Drive accounts, users who used Lumin PDF are advised to revoke the app’s access to their Google Drive account.

Instructions on how to do this are available in this Google Drive support page, and also below:

  • On your computer, go to drive.google.com.
  • Click the cog (settings) icon in the top-right menu bar.
  • Click the Settings option in the drop-down menu.
  • Click Manage apps in the side-menu
  • Next to the app, click Options.
  • Click Disconnect from Drive.
luminpdf-remove.png

Image: ZDNet

Credit: Zdnet

Previous Post

WeWork IPO Likely Delayed. The Writing Was on the Wall

Next Post

What is The Essential of Data Science?

Related Posts

Free cybersecurity tool aims to help smaller businesses stay safer online
Internet Security

Free cybersecurity tool aims to help smaller businesses stay safer online

March 2, 2021
Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit
Internet Security

Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit

March 1, 2021
These four new hacking groups are targeting critical infrastructure, warns security company
Internet Security

These four new hacking groups are targeting critical infrastructure, warns security company

February 28, 2021
Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill
Internet Security

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

February 28, 2021
TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
Internet Security

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

February 28, 2021
Next Post
What is The Essential of Data Science?

What is The Essential of Data Science?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Free cybersecurity tool aims to help smaller businesses stay safer online
Internet Security

Free cybersecurity tool aims to help smaller businesses stay safer online

March 2, 2021
Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites
Internet Privacy

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

March 2, 2021
Jumpstart your cloud transformation journey with fast object storage
Data Science

Jumpstart your cloud transformation journey with fast object storage

March 2, 2021
IBM Cloud Satellite goes GA
Big Data

IBM Cloud Satellite goes GA

March 1, 2021
Novel machine-learning tool can predict PRRSV outbreaks and biosecurity effectiveness
Machine Learning

Novel machine-learning tool can predict PRRSV outbreaks and biosecurity effectiveness

March 1, 2021
How to Change the WordPress Admin Login Logo
Learn to Code

Use Touch ID for sudo on Mac

March 1, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Free cybersecurity tool aims to help smaller businesses stay safer online March 2, 2021
  • Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites March 2, 2021
  • Jumpstart your cloud transformation journey with fast object storage March 2, 2021
  • IBM Cloud Satellite goes GA March 1, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates